This may sound basic, but have you verified that the firewall on the server is set up to allow communication from the client? I think Ubuntu's firewall rejects all traffic to ports that don't match what its installed and configured packages claim they run on, without external configuration.
-Kyle H On September 18, 2014 6:02:16 AM PDT, espe...@oreillyauto.com wrote: > >I have an ubuntu 14.04 with openssl 1.0.1f-1ubuntu2.3 server running >and a >another server connecting as the client with ubuntu 12.04 with openssl >1.0.1-4ubuntu5.16. I am getting an error about the TLS handshake >failing >i/o timeout. I have tried using our internal wildcard certs on both >servers since I already have that on my web server , aka - the client, >and >I generated a sif signed cert on the server and copied it to the >client. >Both produce the same results. > >On the server I took a tcpdump and then did an ssldup of that file and >this >is what I am seeing for every connection: > >210 1 0.0012 (0.0012) C>S Handshake >ClientHello >Version 3.1 >cipher suites >TLS_RSA_WITH_RC4_128_SHA >TLS_RSA_WITH_3DES_EDE_CBC_SHA >TLS_RSA_WITH_AES_128_CBC_SHA >TLS_RSA_WITH_AES_256_CBC_SHA >Unknown value 0xc011 >Unknown value 0xc012 >Unknown value 0xc013 >Unknown value 0xc014 >compression methods >NULL > >I have looking through posts trying to find an answer with no luck yet. >Any and all help is appreciated. > >Thanks, >Eric Speake >Web Systems Administrator >O'Reilly Auto Parts > (417) 862-2674 Ext. 1975 > >This communication and any attachments are confidential, protected by >Communications Privacy Act 18 USCS � 2510, solely for the use of the >intended recipient, and may contain legally privileged material. If you >are not the intended recipient, please return or destroy it >immediately. Thank you. >______________________________________________________________________ >OpenSSL Project http://www.openssl.org >User Support Mailing List openssl-users@openssl.org >Automated List Manager majord...@openssl.org -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
