Forwarded to openssl-users for discussion. Best regards, Lutz
----- Forwarded message from Kalaiselvan P <[EMAIL PROTECTED]> ----- To: [EMAIL PROTECTED] Subject: SSL communication error due to SSL alert 40 From: Kalaiselvan P <[EMAIL PROTECTED]> Date: Tue, 29 Jan 2008 17:40:45 +0530 Hi, We are trying to communicate using https with an airline whose server ip is 57.60.20.77 wherein the ssl handshake fails stating "SSL alert number 40". We have created an self signed certificate and implemented in both sides. Having googled found that it is failing to negotiate due to security parameters. Please suggest as to what the error exactly refers to and what could be the possible solution to rectify the same. Thanks in advance. openssl version -> OpenSSL 0.9.8a 11 Oct 2005 Operating System Version->SUSE Linux 10 (Linux 2.6.16.46-0.12-bigsmp #1 SMP Thu May 17 14:00:09 UTC 2007 i686 i686 i386 GNU/Linux) openssl s_client -connect 57.60.20.77:443 -state -msg -ssl3 CONNECTED(00000003) SSL_connect:before/connect initialization >>> SSL 3.0 Handshake [length 005f], ClientHello 01 00 00 5b 03 00 47 9f 15 d6 4e 52 41 63 4a 95 47 d3 81 09 76 b3 d1 de 9e e1 0d e4 5f 6b fe ef 8a a7 68 39 96 6d 00 00 34 00 39 00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f 00 66 00 05 00 04 00 63 00 62 00 61 00 15 00 12 00 09 00 65 00 64 00 60 00 14 00 11 00 08 00 06 00 03 01 00 SSL_connect:SSLv3 write client hello A <<< SSL 3.0 Handshake [length 003a], ServerHello 02 00 00 36 03 00 47 9f 05 8a 13 66 43 7d a4 c7 27 b0 16 c4 61 8b 95 1e 23 60 71 61 5e ea 6d 69 25 64 c1 e1 2b 75 10 7e 43 61 a4 45 5f c1 ec 88 3d 6f bf 67 d9 db 53 00 04 00 SSL_connect:SSLv3 read server hello A <<< SSL 3.0 Handshake [length 025a], Certificate 0b 00 02 56 00 02 53 00 02 50 30 82 02 4c 30 82 01 b5 02 04 46 2f 69 1c 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 6d 31 0b 30 09 06 03 55 04 06 13 02 53 47 31 0b 30 09 06 03 55 04 08 13 02 53 47 31 09 30 07 06 03 55 04 07 13 00 31 0b 30 09 06 03 55 04 0a 13 02 53 51 31 0b 30 09 06 03 55 04 0b 13 02 53 51 31 2c 30 2a 06 03 55 04 03 13 23 77 65 62 73 65 72 76 69 63 65 64 65 76 2e 73 69 61 2e 73 74 61 72 2d 61 6c 6c 69 61 6e 63 65 2e 6e 65 74 30 1e 17 0d 30 37 30 34 32 35 31 34 34 33 34 30 5a 17 0d 31 32 30 34 32 33 31 34 34 33 34 30 5a 30 6d 31 0b 30 09 06 03 55 04 06 13 02 53 47 31 0b 30 09 06 03 55 04 08 13 02 53 47 31 09 30 07 06 03 55 04 07 13 00 31 0b 30 09 06 03 55 04 0a 13 02 53 51 31 0b 30 09 06 03 55 04 0b 13 02 53 51 31 2c 30 2a 06 03 55 04 03 13 23 77 65 62 73 65 72 76 69 63 65 64 65 76 2e 73 69 61 2e 73 74 61 72 2d 61 6c 6c 69 61 6e 63 65 2e 6e 65 74 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 c0 84 47 70 b7 e7 52 55 83 5c 86 45 77 14 0d 69 2b 75 24 64 47 54 88 f3 dd a5 12 a5 dd c8 f0 68 da 6d 47 35 54 62 85 06 56 a8 ad 26 17 92 a1 66 f5 94 38 40 96 46 90 1b 95 71 4e 83 6a cb 2f 4b 78 86 77 ff 2d 2c ee d0 29 54 26 65 21 d3 e5 5d 86 46 8b d3 fc 8b 37 10 f9 77 eb 54 91 91 a5 7d 70 10 f6 97 e6 70 6c f6 e2 20 c3 da 34 1f 14 02 93 5d 3b b1 6e 58 7c b4 af a1 a8 cc 51 56 37 bb 02 03 01 00 01 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 03 81 81 00 0c e5 11 10 5b d0 7c a7 8c 41 4f ed 9d ed ce 28 97 40 6e cb 34 be 65 88 df cf 5f e4 92 e0 2e 05 7b c3 35 68 3f f8 19 37 d2 42 58 68 97 76 6b ce a3 f5 ab f4 ad 26 3c c1 74 77 96 ff 1d 7c b8 83 14 92 a5 26 35 0a 91 d9 ac bb 47 60 ab 5b 51 e0 f8 06 c5 64 41 88 a3 0e a1 ac b2 47 cb a7 33 af 2a 4a 05 0e 57 b2 a3 0b 7f 19 9a 85 f6 85 8e 0f 79 e0 e9 cb f9 65 f2 52 7e 04 36 b0 8d a0 0c 03 depth=0 /C=SG/ST=SG/L=/O=SQ/OU=SQ/CN=webservicedev.sia.star-alliance.net verify error:num=18:self signed certificate verify return:1 depth=0 /C=SG/ST=SG/L=/O=SQ/OU=SQ/CN=webservicedev.sia.star-alliance.net verify return:1 SSL_connect:SSLv3 read server certificate A <<< SSL 3.0 Handshake [length 012c], CertificateRequest 0d 00 01 28 03 01 02 05 01 22 00 4a 30 48 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0a 13 0c 73 74 61 72 61 6c 6c 69 61 6e 63 65 31 22 30 20 06 03 55 04 03 13 19 73 68 74 77 73 73 30 31 2e 73 74 61 72 61 6c 6c 69 61 6e 63 65 2e 63 6f 6d 00 43 30 41 31 0d 30 0b 06 03 55 04 0a 13 04 53 74 61 72 31 1b 30 19 06 03 55 04 0b 13 12 54 65 63 68 6e 69 63 61 6c 52 65 73 6f 75 72 63 65 73 31 13 30 11 06 03 55 04 03 13 0a 53 74 61 72 54 65 73 74 43 41 00 4a 30 48 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 03 55 04 0a 13 0c 73 74 61 72 61 6c 6c 69 61 6e 63 65 31 22 30 20 06 03 55 04 03 13 19 73 68 74 77 73 73 30 31 2e 73 74 61 72 61 6c 6c 69 61 6e 63 65 2e 63 6f 6d 00 43 30 41 31 0d 30 0b 06 03 55 04 0a 13 04 53 74 61 72 31 1b 30 19 06 03 55 04 0b 13 12 54 65 63 68 6e 69 63 61 6c 52 65 73 6f 75 72 63 65 73 31 13 30 11 06 03 55 04 03 13 0a 53 74 61 72 54 65 73 74 43 41 SSL_connect:SSLv3 read server certificate request A <<< SSL 3.0 Handshake [length 0004], ServerHelloDone 0e 00 00 00 SSL_connect:SSLv3 read server done A >>> SSL 3.0 Alert [length 0002], warning ??? 01 29 SSL3 alert write:warning:no certificate SSL_connect:SSLv3 write client certificate A >>> SSL 3.0 Handshake [length 0084], ClientKeyExchange 10 00 00 80 84 b5 87 5a 09 fa 88 c1 49 6e 0c be 11 f6 a2 1a a4 b2 d8 13 51 ec 5b b1 39 79 73 c5 c4 27 97 63 c1 85 2e 37 8b 6d 5e df 15 2d d3 7a 1e ea 81 43 ba 92 92 4a 11 cc b9 d2 bb 40 e1 b2 02 92 d0 50 04 4a 65 79 19 2a 1e a4 6b c0 09 9c 7c 43 2b 7c 7d 72 7a 45 75 7d 0d ce 2b 4c 17 0d d4 39 de e9 5f e0 90 52 db 82 22 3e 24 6d 25 da 17 b3 63 e8 32 de f6 c9 11 32 92 55 fe 63 ba 06 20 03 a4 c3 SSL_connect:SSLv3 write client key exchange A >>> SSL 3.0 ChangeCipherSpec [length 0001] 01 SSL_connect:SSLv3 write change cipher spec A >>> SSL 3.0 Handshake [length 0028], Finished 14 00 00 24 04 c5 6c c5 ff 86 5f 80 6d 96 4e 99 24 12 3f 04 a8 4b 7f 26 da 72 30 d6 52 8e 02 7e 5d ec 34 47 0b bd 2b e5 SSL_connect:SSLv3 write finished A SSL_connect:SSLv3 flush data <<< SSL 3.0 Alert [length 0002], fatal handshake_failure 02 28 SSL3 alert read:fatal:handshake failure SSL_connect:failed in SSLv3 read finished A 766:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1057:SSL alert number 40 766:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:534: Kalai Selvan P Tata Consultancy Services Mailto: [EMAIL PROTECTED] Website: http://www.tcs.com ____________________________________________ Experience certainty. IT Services Business Solutions Outsourcing ____________________________________________ =====-----=====-----===== Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you ----- End forwarded message ----- -- Lutz Jaenicke [EMAIL PROTECTED] OpenSSL Project http://www.openssl.org/~jaenicke/ ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]