>       From: owner-openssl-us...@openssl.org On Behalf Of Doug Nebeker
>       Sent: Friday, 25 March, 2011 10:24

>       I'm sorry if this is common knowledge - I haven't been able to find an answer.

>       I have a simple HTTPS server built with OpenSSL.  When I run:
>       openssl s_client -connect 192.168.10.22:81

>       from my Linux box (0.9.8o), I get the dreaded SSL3_READ_BYTES handshake failure.

On the client or server? If client, try -state at least, and preferably 
also -debug, to see exactly where in the handshake this occurs.

Aside: do you really have a server cert in the name "192.168.10.22"? 
That's unusual, though possible. If not, if the cert name differs 
from the name you connect to, openssl s_client (and openssl library) 
don't care, but other clients often do. Usually you get the cert 
with the domain name of the server, and connect to that domain name.

>       If I run the exact same command on a Windows box (1.0.0a), it works fine.

>       Is this a Linux vs Windows implementation issue, or did something big enough 
> change in 1.0.0 such that it works with self-signed certs where 0.9.8 didn't?

Self-signed hasn't changed, and I retested it works 
in both 0.9.8q and 1.0.0a Windows and Linux for me.
(I don't have 8o set up at present, but this has 
worked for me back to 0.9.7.something at least.)

I refuse to believe it is a difference in Linux vs Windows 
as such, but it could be a difference in the BUILDS 
(particularly options) you use on Linux vs Windows.
Did you build both from source, and with any nondefault options?
Or do you use packages someone else built, and who and how?

>       Given that 1.0.0a works fine, does that indicate my implementation 
> is correct?  

Maybe, but it's hard to be sure.

>       Finally, and most important, what can I do to get the Linux/0.9.8o 
> to be able to connect?   (side note: curl and wget on the Linux box 
> have the same problem)

If they use openssl, and in particular the same build of openssl 
(i.e. the system-installed one, if you haven't rebuilt/customized 
things), then I would expect them to get the same results.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
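
Added example, not part of the original message or of OpenSSL: a small shell filter that reads `openssl s_client -state` output and reports the last completed handshake step, the step that failed, and whether the alert was received from the server or raised by the client, which is the "client or server?" question asked in the reply. The function names and the sample trace are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `openssl s_client -state` output read on stdin.
# Line shapes handled (as printed by s_client's state callback):
#   SSL_connect:<state>                       step completed
#   SSL3 alert <read|write>:<level>:<description>
#   SSL_connect:failed in <state>  /  SSL_connect:error in <state>
handshake_summary() {
    awk '
        BEGIN { origin = "unknown"; alert = "none" }
        /^SSL3 alert / {
            sub(/^SSL3 alert /, "")
            split($0, a, ":")
            # read  = alert received from the peer: the server refused
            # write = alert sent by this client: the client refused
            origin = (a[1] == "read") ? "server" : "client"
            alert = a[2] ":" a[3]
            next
        }
        /^SSL_connect:(failed|error) in / {
            sub(/^SSL_connect:(failed|error) in /, "")
            failed = $0
            next
        }
        /^SSL_connect:/ { sub(/^SSL_connect:/, ""); last = $0 }
        END {
            if (failed == "") { printf "result=ok last=\"%s\"\n", last; exit }
            printf "result=fail origin=%s alert=\"%s\" failed_in=\"%s\" last_ok=\"%s\"\n",
                   origin, alert, failed, last
        }
    '
}

# Constructed sample (not captured from the poster's server).
sample_state_output() {
    cat <<'EOF'
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv2/v3 read server hello A
EOF
}

# Live use; -state output goes to stderr, hence 2>&1:
#   openssl s_client -connect 192.168.10.22:81 -state 2>&1 </dev/null | handshake_summary
sample_state_output | handshake_summary
```

An `origin=server` result right after the client hello means the server rejected what the client offered, so comparing the summaries from the 0.9.8o and 1.0.0a clients shows whether they fail at the same step.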
