Lara Adianto wrote:
I actually used openssl-0.9.6i, it compiled perfectly and can link with openldap properly. But when I tested the TLS connection with the server, it threw me : ----------------------------------------------------- .... TLS trace: SSL_accept:before/accept initialization TLS trace: SSL_accept:SSLv3 read client hello A TLS trace: SSL_accept:SSLv3 write server hello A TLS trace: SSL_accept:SSLv3 write certificate A TLS trace: SSL_accept:SSLv3 write server done A TLS trace: SSL_accept:SSLv3 flush data TLS trace: SSL_accept:error in SSLv3 read client certificate A TLS trace: SSL_accept:error in SSLv3 read client certificate A daemon: select: listen=6 active_threads=0 tvp=NULL daemon: select: listen=7 active_threads=0 tvp=NULL daemon: activity on 1 descriptors daemon: activity on: 10r daemon: read activity on 10 connection_get(10): got connid=1 connection_read(10): checking for input on id=1 TLS trace: SSL_accept:error in SSLv3 read client certificate A TLS: can't accept. TLS: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number s3_pkt.c:297
The last two lines say (after a look into s3_pkt.c at line 297) that the major version number in the SSL record is unequal to '3'. It may be that the client speaks only SSLv2, check therefore the client configuration.
It may be helpful if you trace the handshake with ssldump (see http://www.rtfm.com).
connection_read(10): TLS accept error error=-1 id=1, closing connection_closing: readying conn=1 sd=10 for close connection_close: conn=1 sd=10 -----------------------------------------------------
I posted this problem to this list, but nobody replied...so I thought that I have to use the same version of ssl in the server and the client....is this true ?
I would be surprised if using the same version of OpenSSL helps ;-). Ciao, Richard -- Dr. Richard W. Könning Fujitsu Siemens Computers GmbHm ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]