_
From: Ramaiah, Ravichandran Bagalur
Sent: Wednesday, June 29, 2022 12:55 PM
To: Matt Caswell ; openssl-users@openssl.org
Subject: RE: [EXTERNAL] Re: SSL error (78c0100): malloc failure while
implementing tls 1.3
Hi Matt,
Below is the error I got
; openssl-users@openssl.org
Subject: [EXTERNAL] Re: SSL error (78c0100): malloc failure while implementing
tls 1.3
On 16/06/2022 05:52, Ramaiah, Ravichandran Bagalur wrote:
>
> *SSL error (78c0100): malloc failure
Do you get anything in the OpenSSL error stack for this (e.g. try
"ERR_prin
On 16/06/2022 05:52, Ramaiah, Ravichandran Bagalur wrote:
*SSL error (78c0100): malloc failure
Do you get anything in the OpenSSL error stack for this (e.g. try
"ERR_print_errors_fp(stdout);").
We need a bit more to go on to figure out where specifically the malloc
failure is
: openssl-users@openssl.org
Subject: SSL error (78c0100): malloc failure while implementing tls 1.3
Hi All,
I'm trying to implement tls 1.3 support in my application. But I'm facing
malloc failure error.
Could you please help me understand why this error is happening? How to solve
ion ticket
*SSL_SESSION_free ref
*Session deleted on 2
*SSL3 alert write:fatal:internal error
*SSL_accept:error in error
*SSL error (78c0100): malloc failure
*ERROR on SSL_read err=1 flag=0
*Initiating SSL shutdown
I generated client and server certificates using below commands. And I used
TLS_AES_128_
>For example, I want the string "SSL_R_TOO_MANY_WARN_ALERTS" for an
error with that value, not just the "too many alerts" description.
You're correct, it's not done.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
For example, I want the string "SSL_R_TOO_MANY_WARN_ALERTS" for an
error with that value, not just the "too many alerts" description.
I'm suspecting not, I don't see any use of #reason in ERR_REASON() or
the macros it uses.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mai
On 12/04/18 07:05, shagun maheshwari wrote:
> Hi,
>
> We are getting an error "OpenSSL error hex string is too long invalid hex key
> value" . OpenSSL version we are using is openssl-1.0.2k-8.el7. We have solved
> this issue by applying a patch in openssl package suggested by openssl
> commun
Hi,
We are getting an error "OpenSSL error hex string is too long invalid
hex key value" . OpenSSL version we are using is openssl-1.0.2k-8.el7.
We have solved this issue by applying a patch in openssl package
suggested by openssl community
(https://clicktime.symantec.com/a/1/7Fg4lSHbjGfkPSCbaHTn0
On 2017-06-01 12:23, Michael Wojcik wrote:
On the other hand, this doesn't really answer Florin's question of why
the server sees so many clients falling back. If the load is bursty,
it might be listen-queue dumping. I don't know if Nginx lets you
configure the listen queue depth, but at some po
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Salz, Rich via openssl-users
> Sent: Thursday, June 01, 2017 14:44
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] SSL error “inappropriate fallback” and
> TLS_FALLBACK_SCSV
&g
> What I find surprising is the rate of these errors. For every 100 legitimate
> HTTP requests that make it to Nginx, I get 2.5 “inappropriate fallback” SSL
> errors. That's a lot of noise.
>
> I guess I'll have to adjust my expectations.
That's not out of line with other measurements I've been t
On 2017-06-01 11:43, Salz, Rich via openssl-users wrote:
Would clients actually attempt to send TLS_FALLBACK_SCSV even if the
previous connection attempt failed for reasons other than TLS? If,
say, the
initial connection attempt failed at the TCP level? That sounds a
little strange
to me.
Ye
> Would clients actually attempt to send TLS_FALLBACK_SCSV even if the
> previous connection attempt failed for reasons other than TLS? If, say, the
> initial connection attempt failed at the TCP level? That sounds a little
> strange
> to me.
Yes they do.
There are many badly written clients out
On 2017-06-01 02:13, Matt Caswell wrote:
The presence of this error doesn't actually mean that you are under
attack. It just means that the client made an earlier connection
attempt
with a higher version number and it failed. There could be many reasons
for the failure. For example, plausibly,
On 01/06/17 02:58, Florin Andrei wrote:
> It's a little puzzling because the exchange of crypto messages uses TLS
> 1.0 which the server definitely supports, and the client should be very
> likely to support too.
>
> I've seen discussions online saying that the presence of the
> TLS_FALLBACK_SCS
SHA256:AES128-SHA256:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA';
ssl_prefer_server_ciphers on;
I've verified with nmap and I get the same ssl-enum-ciphers list from
Nginx.
Now in the Nginx error log I get lots of lines like this:
SSL_do_handshake() f
> On Apr 19, 2017, at 12:48 PM, Joseph Southwell
> wrote:
>
> Sorry we did do that. It just didn’t look different so I didn’t send it
> (pasted below). I also have asked for help from the server admin but it is a
> non English speaking country and they don’t seem to be interested in talking
Sorry we did do that. It just didn’t look different so I didn’t send it (pasted
below). I also have asked for help from the server admin but it is a non
English speaking country and they don’t seem to be interested in talking to me.
I have another product supposedly using OpenSSL that is current
On Tue, Apr 18, 2017 at 05:06:40PM +, Viktor Dukhovni wrote:
> The ClientHello decodes via tshark as:
>
> [...]
> Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
> Cipher Su
Is there a way to enable one or both of those ciphers in OpenSSL?
> On Apr 18, 2017, at 1:28 PM, Jason Schultz wrote:
>
> RSA_With_AES_128_CBC_SHA and RSA_With_3DES_EDE_CBC_SHA
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
penssl-users on behalf of Viktor
Dukhovni
Sent: Tuesday, April 18, 2017 5:06 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Help with ssl error
On Tue, Apr 18, 2017 at 11:17:48AM -0400, Joseph Southwell wrote:
> It doesn’t look like it requested a client certificate to me.
Cor
On Tue, Apr 18, 2017 at 11:17:48AM -0400, Joseph Southwell wrote:
> It doesn’t look like it requested a client certificate to me.
Correct, the server alert was returned immediately in response
to the TLS ClientHello.
> $ openssl s_client -state -msg -connect ftp.echannel.banksys.be:16370
> -sta
It doesn’t look like it requested a client certificate to me.
openssl110e>openssl s_client -state -msg -connect ftp.echannel.banksys.be:16370
-starttls ftp
CONNECTED(0104)
SSL_connect:before SSL initialization
>>> ??? [length 0005]
16 03 01 00 ab
>>> TLS 1.2Handshake [length 00ab], Client
> On Apr 14, 2017, at 9:48 AM, Joseph Southwell
> wrote:
>
> Version 1.1 openssl
>
> openssl.exe s_client -connect hostname:16370 -starttls ftp
> 877788:error:1409442F:SSL routines:ssl3_read_bytes:tlsv1 alert insufficient
> security:ssl\record\rec_layer_s3.c:1385:SSL alert number 71
The remo
Version 1.1 openssl
openssl.exe s_client -connect hostname:16370 -starttls ftp
CONNECTED(0104)
877788:error:1409442F:SSL routines:ssl3_read_bytes:tlsv1 alert insufficient
security:ssl\record\rec_layer_s3.c:1385:SSL alert number 71
The host I am connecting to apparently only supports the foll
Hello,
Thank to both of you.
Best regards,
--
Francis
Le 17/09/2014 20:38, Dave Thompson a écrit :
From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET
Sent: Wednesday, September 17, 2014 13:35
We use openSSL in OFTP2 implementation. The OFTP2 working group
decided
to strongly rec
> From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET
> Sent: Wednesday, September 17, 2014 13:35
> We use openSSL in OFTP2 implementation. The OFTP2 working group
> decided
> to strongly recommend to use preferably the cipher suites including PFS
> (ephemeral Diffie Hellman).
To
On Wed, Sep 17, 2014 at 07:34:44PM +0200, Francis GASCHET wrote:
> We use openSSL in OFTP2 implementation. The OFTP2 working group decided to
> strongly recommend to use preferably the cipher suites including PFS
> (ephemeral Diffie Hellman).
Preferably, does not mean exclusively. You should pro
Hello,
We use openSSL in OFTP2 implementation. The OFTP2 working group decided
to strongly recommend to use preferably the cipher suites including PFS
(ephemeral Diffie Hellman).
So in our iplementation (linked against openssl 1.0.1g) I limited the
list of offered ciphers (client) and prefered
On 31-07-2013 11:16, Rajeev Tomar wrote:
Hi
>
We are using openssl 0.9.8 in our application.
Things are working fine and suddenly we are having .
Linux awtah.dispatchserver1 3.6.11-1.fc16.i686 #1 SMP Mon Dec 17
21:36:23 UTC 2012 i686 i686 i386 GNU/Linux
error:1408F119:SSL routines:SSL3_GET_RECOR
Hi
We are using openssl 0.9.8 in our application.
Things are working fine and suddenly we are having .
Linux awtah.dispatchserver1 3.6.11-1.fc16.i686 #1 SMP Mon Dec 17 21:36:23 UTC
2012 i686 i686 i386 GNU/Linux
error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record
mac:s3_
s...@openssl.org
>
> 03/27/2012 09:24 AM
>
> Please respond to
> openssl-users@openssl.org
>
> To
>
> openssl-users@openssl.org
>
> cc
>
> Subject
>
> SSL error: SSL error code 336151528 (a seemingly rare error/bug?)
>
> While working on postgr
While working on postgres driver in Go, I began getting these errors
in my postgres logs:
"SSL error: SSL error code 336151528"
I spoke with a postgres team member and they aren't sure exactly where
this is coming from.
A little more research on my side found someone else getting
> From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
> Sent: Wednesday, 18 January, 2012 02:52
> root@1143726:/usr/bin# openssl s_client -connect 10.204.4.69:7003
> WARNING: can't open config file: /usr/ssl/openssl.cnf
> CONNECTED(0003)
> depth=0 C = IN, ST = Karnataka, L = Bangalo
tensions:
X509v3 Basic Constraints:
CA:FALSE
Please let me know what is missing here & why i am getting the above error.
Best regards,
S S Rout
--
View this message in context:
http://old.nabble.com/Please-Help-me-out--SSL-ERROR-tp33159464p33159464.html
Sent from the Op
On 05/31/2011 03:02 PM, David Mitchell wrote:
>
> On May 31, 2011, at 2:32 PM, Dave Thompson wrote:
>
>>> From: owner-openssl-us...@openssl.org On Behalf Of David Mitchell
>>> Sent: Friday, 27 May, 2011 12:35
>>
>>> I'm having some problems with EAP-TLS in FreeRadius 2.1.10. I
>>> have a client
On May 31, 2011, at 2:32 PM, Dave Thompson wrote:
>> From: owner-openssl-us...@openssl.org On Behalf Of David Mitchell
>> Sent: Friday, 27 May, 2011 12:35
>
>> I'm having some problems with EAP-TLS in FreeRadius 2.1.10. I
>> have a client
>> where authentication attempts always fail with the re
> From: owner-openssl-us...@openssl.org On Behalf Of David Mitchell
> Sent: Friday, 27 May, 2011 12:35
> I'm having some problems with EAP-TLS in FreeRadius 2.1.10. I
> have a client
> where authentication attempts always fail with the relatively generic
> error below. I've tried to figure out wh
bad_certificate
Fri May 27 10:17:51 2011 : Error: TLS Alert read:fatal:bad certificate
Fri May 27 10:17:51 2011 : Error: TLS_accept: failed in SSLv3 read client
certificate A
Fri May 27 10:17:51 2011 : Error: rlm_eap: SSL error error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad ce
On Tue, Mar 29, 2011 at 10:15:04AM +0200, Aarno Syv?nen wrote:
> HI,
>
> what would error OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start
> line mean ?
A PEM file was expected, but the input was not a PEM file, specifically,
it had no "-BEGIN ...-" line.
--
Viktor.
HI,
what would error OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start
line mean ?
Aarno
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-use
Dr. Stephen Henson wrote:
> > > openssl s_client -connect xxx.org:443
> > > and it should say if secure renegotiation is supported in
> > > the output.
> > Thanks for the tip! I tried, but I am afraid I cannot tell
> > whether it is the case or not, based on this output. I tried
> > on googl
Hi,
I am using openssl from within neon, itself used from within
Subversion. During an svnsync, I receive the following error
message:
svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL
error: parse tlsext (https://xxx.org)
If I am right, this message comes fr
On Wed, Apr 07, 2010, Florent Georges wrote:
> Dr. Stephen Henson wrote:
>
> Thanks for your fast response!
>
> > That looks like it is only part of the actual error code.
>
> That's all I have. I guess either Subversion or Neon truncates
> the error message.
>
> > I suspect it is because
Dr. Stephen Henson wrote:
Thanks for your fast response!
> That looks like it is only part of the actual error code.
That's all I have. I guess either Subversion or Neon truncates
the error message.
> I suspect it is because the server doesn't support secure
> renegotiation. You can check
On Wed, Apr 07, 2010, Florent Georges wrote:
> Hi,
>
> I am using openssl from within neon, itself used from within
> Subversion. During an svnsync, I receive the following error
> message:
>
> svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed
Hi,
I am using openssl from within neon, itself used from within
Subversion. During an svnsync, I receive the following error
message:
svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL
error: parse tlsext (https://xxx.org)
If I am right, this message comes fr
Network Analyst
mjo...@hpsd48.ab.ca
Office 523-2818 ext 182
Mobile 536-6641
Netware, because life is too short to reboot
: >>> TLS 1.0 Alert [length 0002], fatal certificate_unknown
TLS Alert write:fatal:certificate unknown
TLS_accept:error in SSLv3 read client certificate B
rlm_eap:
e.
G.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Weigang Gong
Sent: 25 February 2008 14:55
To: openssl-users@openssl.org
Subject: SSL Error and Info messages
Hi, openssl community,
My application calls some library functions, which uses Op
> My application calls some library functions, which uses
> OpenSSL. When my appliction runs, I believe OpenSSL emitted
> some messages described below.
Nope. Your application emitted them. OpenSSL detected them and reported
them, you chose to print them out.
> Does anyone know what caused thos
Hi, openssl community,
My application calls some library functions, which uses OpenSSL. When my
appliction runs, I believe OpenSSL emitted some messages described below.
1. Sometimes, following Error messages will be emitted:
ERR-05255|8|04:26:25.540503|sslsocket.cpp[581] - SSL Error: Error
Try this..
./openssl s_client -tls1 -connect www.cia.gov:443
On 10/24/07, Lutz Jaenicke <[EMAIL PROTECTED]> wrote:
>
> Isolating the problem is more or less simple:
> openssl s_client -connect www.cia.gov:443
> shows the intermittent failures as well, so we can rule out all
> applications (cur
On Tue, 2007-10-23 at 22:02 -0700, Alex Lam wrote:
> That's TLSv1, not SSLv2.
>
> : 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 c..9..8.
> 0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00
> 00 .5..
> 0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .3..2
Isolating the problem is more or less simple:
openssl s_client -connect www.cia.gov:443
shows the intermittent failures as well, so we can rule out all
applications (curl, wget, ...). Has to be some basic thing.
I tend to observe the failure with s_client not on the first attempt but
on the nth
That's TLSv1, not SSLv2.
: 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 c..9..8.
0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00 .5..
0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .3..2../
0030: 00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03 ..E..D
Marek Marcola wrote:
> I think that this is CIA webserver problem.
> You may test this with:
> $ openssl s_client -connect www.cia.gov:443 -state -debug -msg [[-ssl3]
> [-tls1]]
> and in any combination after some successful connection you will get failed
> connections.
> For example:
> $ opens
Hello,
> We use curl to retrieve webpages, and recently started receiving an
> intermittent (40-60% of the time) error when retrieving a page from the
> CIA. About two weeks ago, they switched to running https only, with the
> http URLs being forwarded to the https equivalents.
>
> The error we re
Hey all:
We use curl to retrieve webpages, and recently started receiving an
intermittent (40-60% of the time) error when retrieving a page from the
CIA. About two weeks ago, they switched to running https only, with the
http URLs being forwarded to the https equivalents.
The error we receive is:
Hello,
> I am trying to verify a certificate with the folowing command line on a
> windows 32 bit plateform:
>
> C:\OpenSSL\bin> openssl verify -CAfile d:\cert.pem d:\cert2.pem
>
> It replies me:
>
> d:\cert2.pem: /C=FR/ST=Cote d Or/L=Saint Apollinaire/O=societe des AUTOROUTES
> PARIS RHIN RHO
Hi
I am trying to verify a certificate with the folowing command line on a windows
32 bit plateform:
C:\OpenSSL\bin> openssl verify -CAfile d:\cert.pem d:\cert2.pem
It replies me:
d:\cert2.pem: /C=FR/ST=Cote d Or/L=Saint Apollinaire/O=societe des AUTOROUTES
PARIS RHIN RHONE/OU=DTR/DRTM/RT/OU=P
Hi all
What functions use to clean up SSl Error Queue in Multithread
Applications ??
Thank You
TD
2007/4/10, Johans Taboada <[EMAIL PROTECTED]>:
Hi list, I ask for help please.
Still waiting...
DatabaseError: SSL error: cipher or hash unavailable\n
...
OperationalError: SSL error: cipher or hash unavailable\n
...
What does it really mean '''cipher or hash
eight server, tracd), it works with
no problems.
But when I use it throught apache2+mod_python, apache shows HTTP 500:
{{{
# error_log, using pyPgSQL
[Thu Apr 05 19:25:43 2007] [error] [client 192.168.2.52]
DatabaseError: SSL error: cipher or hash unavailable\n
[Thu Apr 05 19:25:43 2007] [
Hello,
> The problem is with my x509. What do I do to fix that?
>
> On 8/23/06, Marek Marcola <[EMAIL PROTECTED] > wrote:
> Hello,
> >
> > Hi. I am new at this and at my wits end. I keep on
> getting the
> > same error when I try and start l
The problem is with my x509. What do I do to fix that?On 8/23/06, Marek Marcola <[EMAIL PROTECTED]
> wrote:Hello,>> Hi. I am new at this and at my wits end. I keep on getting the
> same error when I try and start lighttpd. I have rekeyed my> cert 2 times now so I am fairly c
Hello,
>
> Hi. I am new at this and at my wits end. I keep on getting the
> same error when I try and start lighttpd. I have rekeyed my
> cert 2 times now so I am fairly certain that it is not a
> problem there. I have redone the KEY and CSR as well. I do no
a-file = "path to ca"
Thanks,ViSolve Security Consulting
Group
- Original Message -
From:
Timothy Wright
To:
openssl-users@openssl.org
Sent: Tuesday, August 22, 2006 1:26
AM
Subject: lighttpd and ssl error
Hi. I am new at this and at my wits end. I kee
Timothy Wright
To: openssl-users@openssl.org
Sent: Tuesday, August 22, 2006 1:26
AM
Subject: lighttpd and ssl error
Hi. I am new at this and at my wits end. I keep on getting the
same error when I try and start lighttpd. I have rekeyed my cert 2 times now
so I am fairly certa
Hi. I am new at this and at my wits end. I keep on getting the same error when I try and start lighttpd. I have rekeyed my cert 2 times now so I am fairly certain that it is not a problem there. I have redone the KEY and CSR as well. I do not know what to do. Please let me know if you have any idea
On Wed, Aug 09, 2006, Carlo Agopian wrote:
> Hello,
>
> Has anybody seen the following runtime error message before?
>
> error::lib(0):func(0):reason(0)
>
Yes. It normally means "no error has been placed on the queue and the the
application wrongly thinks it has and can print it
You can't reuse a socket for a TCP connection, but you certainly can reuse the same TCP socket for an arbitrary number of SSL connections as long as you don't compromise the TCP connection while you're doing it. I suspect that is the intention here and from the sounds of things (if all he is getti
sorry if I misunderstood you, but AFAIK, pure sockets API doesnt allow socket reuse as such. You have to have a new socket for every TCP connection, you can't "reuse" a socket.
From: "Carlo Agopian" <[EMAIL PROTECTED]>Reply-To: openssl-users@openssl.orgTo: CC: "Carlo Agopian" <[EMAIL PROTECTED]>S
This error is indicative that there is no error. You have simply read the error buffer one more time than you should have. There is absolutely nothing wrong with your application state if you see this reported. In my experience it wont cause any application problems if you check the error queue
Title: SSL Error
Hello,
Has anybody seen the following runtime error message before?
error::lib(0):func(0):reason(0)
It seems to be coming from the following openssl function: ERR_error_string(m_sslError, 0). This error occurs in a C++ client application that sends SSL
Dr. Henson--
Adding in a call to OpenSSL_add_all_algorithms() fixed the error.
Thanks for the assistance.
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopen
On Thu, Jun 08, 2006, David Gillingham wrote:
> I was able to convert the key as you instructed, and I overwrote the
> old RSA private key from my server.pem file with the new PKCS8 one. I
> am now a getting a different error message. From these new messages,
> I'm guessing OpenSSL is expecting
I was able to convert the key as you instructed, and I overwrote the
old RSA private key from my server.pem file with the new PKCS8 one. I
am now a getting a different error message. From these new messages,
I'm guessing OpenSSL is expecting a file in PKCS12 format, but that my
file does not mat
On Wed, Jun 07, 2006, David Gillingham wrote:
> Hello all,
>
> I've been tasked to internally investigate a system that utilizes
> STunnel and OpenSSL to create a secure wrapper for a propietary
> protocol. Additionally, this solution must eventually be FIPS 140-2
> compliant.
>
> So, using ins
On Wed, Jun 07, 2006, David Gillingham wrote:
> Hello all,
>
> I've been tasked to internally investigate a system that utilizes
> STunnel and OpenSSL to create a secure wrapper for a propietary
> protocol. Additionally, this solution must eventually be FIPS 140-2
> compliant.
>
> 608008D: erro
Hello all,
I've been tasked to internally investigate a system that utilizes
STunnel and OpenSSL to create a secure wrapper for a propietary
protocol. Additionally, this solution must eventually be FIPS 140-2
compliant.
So, using instructions outlined in the OpenSSL FIPS Security Policy
and on
On 1/31/06, Jason Williard <[EMAIL PROTECTED]> wrote:
>
> I considered this as a possibility. The part that doesn't make sense is
> that I was under the belief that OpenSSL v0.9.7i supports both SSLv2 &
> SSLv3. Is this correct?
It does, yes, but by default there's no ciphers or protocol version
> Your client is trying to use SSLv2, or SSLv3, and the server is
> configured to not allow that protocol. (Or, the server isn't
> configured to use any protocol.)
>
> I don't know the specifics of how to configure what you're doing, but
> I do know that there are environment variables available
Your client is trying to use SSLv2, or SSLv3, and the server is
configured to not allow that protocol. (Or, the server isn't
configured to use any protocol.)
I don't know the specifics of how to configure what you're doing, but
I do know that there are environment variables available to specify
w
I just installed CVSNT 2.5.03.2151 on a Red Hat Enterprise 4 server. OpenSSL
was previously installed with prefix /usr. When I attempt to connect using
TortoiseCVS, I get the following error:
SSL connection failed (-1): error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number cvs.exe [imp
ably means the server terminated abnormally
before or while processing the request.
And the server log says:
[24129] LOG: SSL error: decryption failed or bad record mac
[24129] LOG: pq_recvbuf: recv() failed: Connection reset by peer
There is no problem when not using SSL. The Samba code doesn&
On Mon, Jan 24, 2005, Yuriy Synov wrote:
> In fact I'm not using OpenSSL library directly. I use an open source library
> Indy which in turn makes use of OpenSSL. I discovered that POP3 servers that
> use DES-CBC3-SHA work correctly with my program, and the server that fails
> uses RC4-SHA. I got
eters, but
it means that I will need to modify Indy (the lib I'm using) which is not a
very simple task. I will report to this list if I get any positive results.
- Original Message -
From: "mclellan, dave" <[EMAIL PROTECTED]>
To:
Sent: Sunday, January 23, 2005 3:12
On Mon, Jan 24, 2005, Yuriy Synov wrote:
> > See if you can connect to the server using the s_client test program. For
> > example:
> >
> > openssl s_client -conntect hostname:995
> >
> > (use whatever port it uses for POP4+SSL, 995 is standard).
>
> Output from 'openssl s_client' follows:
>
> [
lf signed certificate in certificate chain)
---
+OK <[EMAIL PROTECTED]> (mtiwpxc03) Maillennium POP3/PROXY
server
#2
and after that I can enter POP3 commands.
- Original Message -
From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
To:
Sent: Saturday, January 22, 2005 2:19
ftware Engineer
EMC Corporation
228 South St.
Hopkinton MA 01748
phone: 508-249-1257
fax 508-497-8030
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Henry Su
Sent: Friday, January 21, 2005 3:11 PM
To: openssl-users@openssl.org
Subject: RE: SSL error:
On Sat, Jan 22, 2005, Yuriy Synov wrote:
> > No sure if you have set it or not. If not, you can try following example:
> >
> > #define CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
> >
> > SSL_CTX_set_cipher_list(ctx, CIPHER_LIST) ;
>
> I tried to set that cipher list, and now I get the followi
[EMAIL PROTECTED]>
To:
Sent: Friday, January 21, 2005 10:10 PM
Subject: RE: SSL error: no cipher list
> No sure if you have set it or not. If not, you can try following example:
>
> #define CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
>
> SSL_CTX_set_cipher_list
y, January 21, 2005 6:15 AM
To: openssl
Subject: SSL error: no cipher list
Dear All,
I get this error with one POP3 server when I call function SSL_connect:
error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list
Could someone tell me what it means and how I can get rid of it? TIA
Be
Dear All,
I get this error with one POP3 server when I call function SSL_connect:
error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list
Could someone tell me what it means and how I can get rid of it? TIA
Best regards,
Yuriy Synov.
___
Hello All,
I am getting an error in my Apache log:
Mod_ossl: Unable to establish SSL protocol (server name)
Mod_ossl: SSL call to NZ function nzos_Handshake failed with
error 28864
Any idea why this is happening?
Thanks
_
Michael
A.
I'm trying to get two vhosts on separate public IPs using separate secure
certificates working on an apache server (mods and version in log below).
The operating system is Mandrake 10. The sites work perfectly without the
secure certificates as IP based vhosts.
I've been playing with the Vhosts.c
Title: SSL Error SSL3_GET_MESSAGE
I have an error in the SSL logs that I don't know how to fix. From the research I've done this is caused by a cert larger than 1024 bits.
Upgrade is not an option at this time because of the application
My configuration is
NT 4.0
O
I'm running an OpenSSL-enabled application (nessus) that fails with
the following error message:
SSL_CTX_load_verify_locations[737]: error:06065064:digital envelope
routines:EVP_DecryptFinal:bad decrypt
How can I determine the reason for this failure?
Thanks!
KJ
___
On Wed, Dec 04, 2002 at 01:56:12PM -0500, Will Day wrote:
> >I tried to verify my cert using:
> >error 20 at 0 depth lookup:unable to get local issuer certificate
> >
> >What does error 20 mean? The cert works when using https, imaps, pop3s,
> >etc.
unable to get local issuer certificate means th
1 - 100 of 117 matches
Mail list logo
