Forwarded to openssl-users for discussion.
Best regards,
Lutz
----- Forwarded message from Kalaiselvan P <[EMAIL PROTECTED]> -----
To: [EMAIL PROTECTED]
Subject: SSL communication error due to SSL alert 40
From: Kalaiselvan P <[EMAIL PROTECTED]>
Date: Tue, 29 Jan 2008 17:40:45 +0530
Hi,
We are trying to communicate using https with an airline whose server ip
is 57.60.20.77 wherein the ssl handshake fails stating "SSL alert number
40".
We have created an self signed certificate and implemented in both sides.
Having googled found that it is failing to negotiate due to security
parameters.
Please suggest as to what the error exactly refers to and what could be
the possible solution to rectify the same. Thanks in advance.
openssl version -> OpenSSL 0.9.8a 11 Oct 2005
Operating System Version->SUSE Linux 10 (Linux 2.6.16.46-0.12-bigsmp #1
SMP Thu May 17 14:00:09 UTC 2007 i686 i686 i386 GNU/Linux)
openssl s_client -connect 57.60.20.77:443 -state -msg -ssl3
CONNECTED(00000003)
SSL_connect:before/connect initialization
>>> SSL 3.0 Handshake [length 005f], ClientHello
01 00 00 5b 03 00 47 9f 15 d6 4e 52 41 63 4a 95
47 d3 81 09 76 b3 d1 de 9e e1 0d e4 5f 6b fe ef
8a a7 68 39 96 6d 00 00 34 00 39 00 38 00 35 00
16 00 13 00 0a 00 33 00 32 00 2f 00 66 00 05 00
04 00 63 00 62 00 61 00 15 00 12 00 09 00 65 00
64 00 60 00 14 00 11 00 08 00 06 00 03 01 00
SSL_connect:SSLv3 write client hello A
<<< SSL 3.0 Handshake [length 003a], ServerHello
02 00 00 36 03 00 47 9f 05 8a 13 66 43 7d a4 c7
27 b0 16 c4 61 8b 95 1e 23 60 71 61 5e ea 6d 69
25 64 c1 e1 2b 75 10 7e 43 61 a4 45 5f c1 ec 88
3d 6f bf 67 d9 db 53 00 04 00
SSL_connect:SSLv3 read server hello A
<<< SSL 3.0 Handshake [length 025a], Certificate
0b 00 02 56 00 02 53 00 02 50 30 82 02 4c 30 82
01 b5 02 04 46 2f 69 1c 30 0d 06 09 2a 86 48 86
f7 0d 01 01 04 05 00 30 6d 31 0b 30 09 06 03 55
04 06 13 02 53 47 31 0b 30 09 06 03 55 04 08 13
02 53 47 31 09 30 07 06 03 55 04 07 13 00 31 0b
30 09 06 03 55 04 0a 13 02 53 51 31 0b 30 09 06
03 55 04 0b 13 02 53 51 31 2c 30 2a 06 03 55 04
03 13 23 77 65 62 73 65 72 76 69 63 65 64 65 76
2e 73 69 61 2e 73 74 61 72 2d 61 6c 6c 69 61 6e
63 65 2e 6e 65 74 30 1e 17 0d 30 37 30 34 32 35
31 34 34 33 34 30 5a 17 0d 31 32 30 34 32 33 31
34 34 33 34 30 5a 30 6d 31 0b 30 09 06 03 55 04
06 13 02 53 47 31 0b 30 09 06 03 55 04 08 13 02
53 47 31 09 30 07 06 03 55 04 07 13 00 31 0b 30
09 06 03 55 04 0a 13 02 53 51 31 0b 30 09 06 03
55 04 0b 13 02 53 51 31 2c 30 2a 06 03 55 04 03
13 23 77 65 62 73 65 72 76 69 63 65 64 65 76 2e
73 69 61 2e 73 74 61 72 2d 61 6c 6c 69 61 6e 63
65 2e 6e 65 74 30 81 9f 30 0d 06 09 2a 86 48 86
f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81
81 00 c0 84 47 70 b7 e7 52 55 83 5c 86 45 77 14
0d 69 2b 75 24 64 47 54 88 f3 dd a5 12 a5 dd c8
f0 68 da 6d 47 35 54 62 85 06 56 a8 ad 26 17 92
a1 66 f5 94 38 40 96 46 90 1b 95 71 4e 83 6a cb
2f 4b 78 86 77 ff 2d 2c ee d0 29 54 26 65 21 d3
e5 5d 86 46 8b d3 fc 8b 37 10 f9 77 eb 54 91 91
a5 7d 70 10 f6 97 e6 70 6c f6 e2 20 c3 da 34 1f
14 02 93 5d 3b b1 6e 58 7c b4 af a1 a8 cc 51 56
37 bb 02 03 01 00 01 30 0d 06 09 2a 86 48 86 f7
0d 01 01 04 05 00 03 81 81 00 0c e5 11 10 5b d0
7c a7 8c 41 4f ed 9d ed ce 28 97 40 6e cb 34 be
65 88 df cf 5f e4 92 e0 2e 05 7b c3 35 68 3f f8
19 37 d2 42 58 68 97 76 6b ce a3 f5 ab f4 ad 26
3c c1 74 77 96 ff 1d 7c b8 83 14 92 a5 26 35 0a
91 d9 ac bb 47 60 ab 5b 51 e0 f8 06 c5 64 41 88
a3 0e a1 ac b2 47 cb a7 33 af 2a 4a 05 0e 57 b2
a3 0b 7f 19 9a 85 f6 85 8e 0f 79 e0 e9 cb f9 65
f2 52 7e 04 36 b0 8d a0 0c 03
depth=0 /C=SG/ST=SG/L=/O=SQ/OU=SQ/CN=webservicedev.sia.star-alliance.net
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=SG/ST=SG/L=/O=SQ/OU=SQ/CN=webservicedev.sia.star-alliance.net
verify return:1
SSL_connect:SSLv3 read server certificate A
<<< SSL 3.0 Handshake [length 012c], CertificateRequest
0d 00 01 28 03 01 02 05 01 22 00 4a 30 48 31 0b
30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06
03 55 04 0a 13 0c 73 74 61 72 61 6c 6c 69 61 6e
63 65 31 22 30 20 06 03 55 04 03 13 19 73 68 74
77 73 73 30 31 2e 73 74 61 72 61 6c 6c 69 61 6e
63 65 2e 63 6f 6d 00 43 30 41 31 0d 30 0b 06 03
55 04 0a 13 04 53 74 61 72 31 1b 30 19 06 03 55
04 0b 13 12 54 65 63 68 6e 69 63 61 6c 52 65 73
6f 75 72 63 65 73 31 13 30 11 06 03 55 04 03 13
0a 53 74 61 72 54 65 73 74 43 41 00 4a 30 48 31
0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13
06 03 55 04 0a 13 0c 73 74 61 72 61 6c 6c 69 61
6e 63 65 31 22 30 20 06 03 55 04 03 13 19 73 68
74 77 73 73 30 31 2e 73 74 61 72 61 6c 6c 69 61
6e 63 65 2e 63 6f 6d 00 43 30 41 31 0d 30 0b 06
03 55 04 0a 13 04 53 74 61 72 31 1b 30 19 06 03
55 04 0b 13 12 54 65 63 68 6e 69 63 61 6c 52 65
73 6f 75 72 63 65 73 31 13 30 11 06 03 55 04 03
13 0a 53 74 61 72 54 65 73 74 43 41
SSL_connect:SSLv3 read server certificate request A
<<< SSL 3.0 Handshake [length 0004], ServerHelloDone
0e 00 00 00
SSL_connect:SSLv3 read server done A
>>> SSL 3.0 Alert [length 0002], warning ???
01 29
SSL3 alert write:warning:no certificate
SSL_connect:SSLv3 write client certificate A
>>> SSL 3.0 Handshake [length 0084], ClientKeyExchange
10 00 00 80 84 b5 87 5a 09 fa 88 c1 49 6e 0c be
11 f6 a2 1a a4 b2 d8 13 51 ec 5b b1 39 79 73 c5
c4 27 97 63 c1 85 2e 37 8b 6d 5e df 15 2d d3 7a
1e ea 81 43 ba 92 92 4a 11 cc b9 d2 bb 40 e1 b2
02 92 d0 50 04 4a 65 79 19 2a 1e a4 6b c0 09 9c
7c 43 2b 7c 7d 72 7a 45 75 7d 0d ce 2b 4c 17 0d
d4 39 de e9 5f e0 90 52 db 82 22 3e 24 6d 25 da
17 b3 63 e8 32 de f6 c9 11 32 92 55 fe 63 ba 06
20 03 a4 c3
SSL_connect:SSLv3 write client key exchange A
>>> SSL 3.0 ChangeCipherSpec [length 0001]
01
SSL_connect:SSLv3 write change cipher spec A
>>> SSL 3.0 Handshake [length 0028], Finished
14 00 00 24 04 c5 6c c5 ff 86 5f 80 6d 96 4e 99
24 12 3f 04 a8 4b 7f 26 da 72 30 d6 52 8e 02 7e
5d ec 34 47 0b bd 2b e5
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
<<< SSL 3.0 Alert [length 0002], fatal handshake_failure
02 28
SSL3 alert read:fatal:handshake failure
SSL_connect:failed in SSLv3 read finished A
766:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
failure:s3_pkt.c:1057:SSL alert number 40
766:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:534:
Kalai Selvan P
Tata Consultancy Services
Mailto: [EMAIL PROTECTED]
Website: http://www.tcs.com
____________________________________________
Experience certainty. IT Services
Business Solutions
Outsourcing
____________________________________________
=====-----=====-----=====
Notice: The information contained in this e-mail
message and/or attachments to it may contain
confidential or privileged information. If you are
not the intended recipient, any dissemination, use,
review, distribution, printing or copying of the
information contained in this e-mail message
and/or attachments to it are strictly prohibited. If
you have received this communication in error,
please notify us by reply e-mail or telephone and
immediately and permanently delete the message
and any attachments. Thank you
----- End forwarded message -----
--
Lutz Jaenicke [EMAIL PROTECTED]
OpenSSL Project http://www.openssl.org/~jaenicke/
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
