Hi, I wanted to mention one other piece of information. Apparently, the server certificate in this case has the IP address of the server, rather than a hostname/FQDN, in the subject (i.e., CN=xx.xx.xx.xx,...). The server end is not under our control, so we can't change that.
Jim

---- oh...@cox.net wrote:
> Hi,
>
> We are trying to use "openssl s_client" to test a server-authenticated (1-way
> SSL) connection.
>
> The openssl s_client command is being run (on a Redhat machine) using the IP
> address of the SSL-enabled server, i.e., something like:
>
> openssl s_client -connect xx.xx.xx.xx:443 ....
>
> The problem we're having is that the connection is failing about 80% of the
> time. When it fails, we see the client Hello being sent, but then no server
> Hello and an "unknown protocol".
>
> Now, here's the strange thing... If we add an entry in the /etc/hosts with
> the IP address of the SSL server, and with ANY hostname (doesn't matter what
> it is), then the connection succeeds all the time.
>
> I was wondering if anyone would be able to explain why the connection would not
> succeed SOME of the times if there isn't an entry in the client-side
> /etc/hosts file, but then would work all the time if there's an entry in
> /etc/hosts with the IP address of the SSL-enabled server (with ANY hostname
> in the /etc/hosts entry)?
>
> Thanks,
> Jim
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org