Hi,

We think that we found the problem.

The server end had a timeout, and apparently, openssl tries to do a reverse DNS lookup after establishing the connection to the server, but before sending the client HELLO. That reverse DNS lookup was failing, but taking a while to fail, so the server was sending the "unknown protocol" error, because it was timing out.

Jim

---- oh...@cox.net wrote:
> Hi,
>
> I wanted to mention one other piece of information. Apparently, the server
> certificate in this case has the IP address of the server, rather than a
> hostname/FQDN, in the subject (i.e., CN=xx.xx.xx.xx,...). The server end is
> not under our control, so we can't change that.
>
> Jim
>
>
> ---- oh...@cox.net wrote:
> > Hi,
> >
> > We are trying to use "openssl s_client" to test a server-authenticated
> > (1-way SSL) connection.
> >
> > The openssl s_client command is being run (on a Redhat machine) using the
> > IP address of the SSL-enabled server, i.e., something like:
> >
> > openssl s_client -connect xx.xx.xx.xx:443 ....
> >
> > The problem we're having is that the connection is failing about 80% of the
> > time. When it fails, we see the client Hello being sent, but then no
> > server Hello and an "unknown protocol".
> >
> > Now, here's the strange thing... If we add an entry in the /etc/hosts with
> > the IP address of the SSL server, and with ANY hostname (doesn't matter
> > what it is), then the connection succeeds all the time.
> >
> > I was wondering if anyone would be able to explain why the connection would not
> > succeed SOME of the times if there isn't an entry in the client-side
> > /etc/hosts file, but then would work all the time if there's an entry in
> > /etc/hosts with the IP address of the SSL-enabled server (with ANY hostname
> > in the /etc/hosts entry)?
> >
> > Thanks,
> > Jim
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List openssl-users@openssl.org
> > Automated List Manager majord...@openssl.org
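One way to measure the condition described in the top message, as an added example that is not part of the original thread: it repeats the reverse (PTR) lookup of the server's IP from the client and counts how often the lookup alone would outlast a server-side timeout. The timeout value, the documentation address 192.0.2.10 and the constructed resolver are assumptions; on a real client, call `sample_lookups` with the default resolver before and after adding the `/etc/hosts` entry.

```python
import socket
import time

def timed_reverse_lookup(ip, resolver=socket.gethostbyaddr):
    """Time one reverse (PTR) lookup; returns (hostname or None, seconds)."""
    start = time.monotonic()
    try:
        name = resolver(ip)[0]
    except OSError:  # socket.herror / socket.gaierror: lookup failed
        name = None
    return name, time.monotonic() - start

def sample_lookups(ip, server_timeout, runs=5, resolver=socket.gethostbyaddr):
    """Repeat the lookup; count runs where it alone outlasts the server timeout.

    server_timeout is an assumption: the thread does not state the real value.
    """
    results = [timed_reverse_lookup(ip, resolver) for _ in range(runs)]
    slow = sum(1 for _, secs in results if secs >= server_timeout)
    return {
        "ip": ip,
        "runs": runs,
        "resolved": sum(1 for name, _ in results if name is not None),
        "slow": slow,
        "worst_seconds": max(secs for _, secs in results),
        "at_risk": slow > 0,  # any slow lookup can trip the server's timer
    }

def make_constructed_resolver(delay, pattern):
    """Constructed stand-in for the system resolver (not real DNS data).

    Each True in pattern is a lookup that fails after `delay` seconds;
    each False is an immediate answer, as an /etc/hosts entry would give.
    """
    calls = iter(pattern)
    def resolver(ip):
        if next(calls):
            time.sleep(delay)
            raise socket.herror(1, "Unknown host")
        return ("pinned.example", [], [ip])
    return resolver

if __name__ == "__main__":
    # Constructed run: 4 of 5 lookups fail slowly, echoing the ~80% in the thread.
    fake = make_constructed_resolver(0.3, [True, True, False, True, True])
    print(sample_lookups("192.0.2.10", server_timeout=0.15, resolver=fake))
```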