On Mon, Jun 11, 2012 at 4:32 PM, Garrison, Jim (ETW) <[email protected]> wrote:
> I am trying to connect to a subversion server that requires https, and for
> some reason, is configured to require SSL3 or TLS1. It refuses to respond
> to SSL or SSL2.

You are lucky it responds to SSLv3. I would shut it down too (TLSv1 is not too far away for me, either).

> I’ve done some troubleshooting using s_client and confirmed that if I let
> s_client start with the default protocol the server never responds to the
> CLIENT HELLO:
>
> $ openssl s_client -connect server.domain.com:443
> CONNECTED(00000003)
> write:errno=104
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 320 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
>
> Watching this in Wireshark I see:
>
> Client                 Server
> -------syn---------->
> <------ack-----------
> --SSL CLIENT HELLO-->
> <------ack-----------
> [60 second pause]
> <------rst-----------
>
> If I tell s_client to use ssl2 the server immediately closes the connection.
> With ssl3 and tls1 I can establish a connection.
>
> Is there any way to configure OpenSSL (when being used from inside the
> subversion client) to skip SSL and SSL2, and start the negotiation with TLS
> or SSL3?
>
> I've found the OpenSSL config file, but that seems to control only
> certificate generation.

http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [email protected]
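
For checking in a capture which record framing the CLIENT HELLO actually used, here is an added example (not part of the original thread and not OpenSSL code) that classifies the first bytes a client sends as SSLv2-framed or SSLv3/TLS-framed and reports the highest version offered. The function name, the type names and both sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { HELLO_UNKNOWN, HELLO_SSLV2_COMPAT, HELLO_SSL3_TLS } hello_format;
typedef struct { hello_format format; uint8_t major, minor; } hello_info;

/* Classify the first bytes a client sends by record framing, and report the
   highest protocol version it offers (hypothetical helper, not an OpenSSL API). */
hello_info classify_client_hello(const uint8_t *b, size_t len)
{
    hello_info r = { HELLO_UNKNOWN, 0, 0 };
    /* SSLv3/TLS framing: type 0x16, record version, 2-byte length, then
       handshake type 0x01, 3-byte length, client_version at offsets 9..10. */
    if (len >= 11 && b[0] == 0x16 && b[1] == 0x03 && b[5] == 0x01) {
        r.format = HELLO_SSL3_TLS; r.major = b[9]; r.minor = b[10];
        return r;
    }
    /* SSLv2 framing: high bit set on a 15-bit length, msg type 0x01, version,
       then three 2-byte lengths that must add up to the record length. */
    if (len >= 11 && (b[0] & 0x80) && b[2] == 0x01) {
        size_t rec   = ((size_t)(b[0] & 0x7f) << 8) | b[1];
        size_t specs = ((size_t)b[5] << 8) | b[6];
        size_t sid   = ((size_t)b[7] << 8) | b[8];
        size_t chal  = ((size_t)b[9] << 8) | b[10];
        if (rec == 9 + specs + sid + chal && specs % 3 == 0) {
            r.format = HELLO_SSLV2_COMPAT; r.major = b[3]; r.minor = b[4];
        }
    }
    return r;
}

/* Constructed sample: SSLv2-framed hello offering version 3.1 (TLS 1.0). */
const uint8_t sample_v2_compat[] = {
    0x80, 0x1c, 0x01, 0x03, 0x01, 0x00, 0x03, 0x00, 0x00, 0x00, 0x10,
    0x00, 0x00, 0x2f,                       /* one 3-byte cipher spec */
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };  /* challenge */
/* Constructed sample: first 11 bytes of a TLS-framed hello offering 3.1. */
const uint8_t sample_tls[] = {
    0x16, 0x03, 0x01, 0x00, 0x2d, 0x01, 0x00, 0x00, 0x29, 0x03, 0x01 };

int main(void)
{
    hello_info a = classify_client_hello(sample_v2_compat, sizeof sample_v2_compat);
    hello_info t = classify_client_hello(sample_tls, sizeof sample_tls);
    printf("sample 1: format=%d version=%d.%d\n", a.format, a.major, a.minor);
    printf("sample 2: format=%d version=%d.%d\n", t.format, t.major, t.minor);
    return 0;
}
```

An SSLv2-framed hello can still advertise version 3.x inside, so the framing and the offered version are reported separately.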
