Hello, > We are trying to communicate using https with an airline whose server ip
> is 57.60.20.77 wherein the ssl handshake fails stating "SSL alert number > 40". > We have created an self signed certificate and implemented in both sides. > Having googled found that it is failing to negotiate due to security > parameters. > Please suggest as to what the error exactly refers to and what could be > the possible solution to rectify the same. Thanks in advance. > > openssl version -> OpenSSL 0.9.8a 11 Oct 2005 > Operating System Version->SUSE Linux 10 (Linux 2.6.16.46-0.12-bigsmp #1 > SMP Thu May 17 14:00:09 UTC 2007 i686 i686 i386 GNU/Linux) > > openssl s_client -connect 57.60.20.77:443 -state -msg -ssl3 > CONNECTED(00000003) > SSL_connect:before/connect initialization > >>> SSL 3.0 Handshake [length 005f], ClientHello > 01 00 00 5b 03 00 47 9f 15 d6 4e 52 41 63 4a 95 > 47 d3 81 09 76 b3 d1 de 9e e1 0d e4 5f 6b fe ef > 8a a7 68 39 96 6d 00 00 34 00 39 00 38 00 35 00 > 16 00 13 00 0a 00 33 00 32 00 2f 00 66 00 05 00 > 04 00 63 00 62 00 61 00 15 00 12 00 09 00 65 00 > 64 00 60 00 14 00 11 00 08 00 06 00 03 01 00 > SSL_connect:SSLv3 write client hello A > <<< SSL 3.0 Handshake [length 003a], ServerHello > 02 00 00 36 03 00 47 9f 05 8a 13 66 43 7d a4 c7 > 27 b0 16 c4 61 8b 95 1e 23 60 71 61 5e ea 6d 69 > 25 64 c1 e1 2b 75 10 7e 43 61 a4 45 5f c1 ec 88 > 3d 6f bf 67 d9 db 53 00 04 00 > SSL_connect:SSLv3 read server hello A > <<< SSL 3.0 Handshake [length 025a], Certificate > 0b 00 02 56 00 02 53 00 02 50 30 82 02 4c 30 82 > 01 b5 02 04 46 2f 69 1c 30 0d 06 09 2a 86 48 86 > f7 0d 01 01 04 05 00 30 6d 31 0b 30 09 06 03 55 > 04 06 13 02 53 47 31 0b 30 09 06 03 55 04 08 13 > 02 53 47 31 09 30 07 06 03 55 04 07 13 00 31 0b > 30 09 06 03 55 04 0a 13 02 53 51 31 0b 30 09 06 > 03 55 04 0b 13 02 53 51 31 2c 30 2a 06 03 55 04 > 03 13 23 77 65 62 73 65 72 76 69 63 65 64 65 76 > 2e 73 69 61 2e 73 74 61 72 2d 61 6c 6c 69 61 6e > 63 65 2e 6e 65 74 30 1e 17 0d 30 37 30 34 32 35 > 31 34 34 33 34 30 5a 17 0d 31 32 30 34 32 33 31 > 34 34 33 34 30 5a 30 6d 31 0b 30 09 06 03 55 04 > 06 13 02 53 47 31 0b 30 09 06 03 55 04 08 13 02 > 53 47 31 09 30 07 06 03 55 04 07 13 00 31 0b 30 > 09 06 03 55 04 0a 13 02 53 51 31 0b 30 09 06 03 > 55 04 0b 13 02 53 51 31 2c 30 2a 06 03 55 04 03 > 13 23 77 65 62 73 65 72 76 69 63 65 64 65 76 2e > 73 69 61 2e 73 74 61 72 2d 61 6c 6c 69 61 6e 63 > 65 2e 6e 65 74 30 81 9f 30 0d 06 09 2a 86 48 86 > f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 > 81 00 c0 84 47 70 b7 e7 52 55 83 5c 86 45 77 14 > 0d 69 2b 75 24 64 47 54 88 f3 dd a5 12 a5 dd c8 > f0 68 da 6d 47 35 54 62 85 06 56 a8 ad 26 17 92 > a1 66 f5 94 38 40 96 46 90 1b 95 71 4e 83 6a cb > 2f 4b 78 86 77 ff 2d 2c ee d0 29 54 26 65 21 d3 > e5 5d 86 46 8b d3 fc 8b 37 10 f9 77 eb 54 91 91 > a5 7d 70 10 f6 97 e6 70 6c f6 e2 20 c3 da 34 1f > 14 02 93 5d 3b b1 6e 58 7c b4 af a1 a8 cc 51 56 > 37 bb 02 03 01 00 01 30 0d 06 09 2a 86 48 86 f7 > 0d 01 01 04 05 00 03 81 81 00 0c e5 11 10 5b d0 > 7c a7 8c 41 4f ed 9d ed ce 28 97 40 6e cb 34 be > 65 88 df cf 5f e4 92 e0 2e 05 7b c3 35 68 3f f8 > 19 37 d2 42 58 68 97 76 6b ce a3 f5 ab f4 ad 26 > 3c c1 74 77 96 ff 1d 7c b8 83 14 92 a5 26 35 0a > 91 d9 ac bb 47 60 ab 5b 51 e0 f8 06 c5 64 41 88 > a3 0e a1 ac b2 47 cb a7 33 af 2a 4a 05 0e 57 b2 > a3 0b 7f 19 9a 85 f6 85 8e 0f 79 e0 e9 cb f9 65 > f2 52 7e 04 36 b0 8d a0 0c 03 > depth=0 /C=SG/ST=SG/L=/O=SQ/OU=SQ/CN=webservicedev.sia.star-alliance.net > verify error:num=18:self signed certificate > verify return:1 > depth=0 /C=SG/ST=SG/L=/O=SQ/OU=SQ/CN=webservicedev.sia.star-alliance.net > verify return:1 > SSL_connect:SSLv3 read server certificate A > <<< SSL 3.0 Handshake [length 012c], CertificateRequest > 0d 00 01 28 03 01 02 05 01 22 00 4a 30 48 31 0b > 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 06 > 03 55 04 0a 13 0c 73 74 61 72 61 6c 6c 69 61 6e > 63 65 31 22 30 20 06 03 55 04 03 13 19 73 68 74 > 77 73 73 30 31 2e 73 74 61 72 61 6c 6c 69 61 6e > 63 65 2e 63 6f 6d 00 43 30 41 31 0d 30 0b 06 03 > 55 04 0a 13 04 53 74 61 72 31 1b 30 19 06 03 55 > 04 0b 13 12 54 65 63 68 6e 69 63 61 6c 52 65 73 > 6f 75 72 63 65 73 31 13 30 11 06 03 55 04 03 13 > 0a 53 74 61 72 54 65 73 74 43 41 00 4a 30 48 31 > 0b 30 09 06 03 55 04 06 13 02 55 53 31 15 30 13 > 06 03 55 04 0a 13 0c 73 74 61 72 61 6c 6c 69 61 > 6e 63 65 31 22 30 20 06 03 55 04 03 13 19 73 68 > 74 77 73 73 30 31 2e 73 74 61 72 61 6c 6c 69 61 > 6e 63 65 2e 63 6f 6d 00 43 30 41 31 0d 30 0b 06 > 03 55 04 0a 13 04 53 74 61 72 31 1b 30 19 06 03 > 55 04 0b 13 12 54 65 63 68 6e 69 63 61 6c 52 65 > 73 6f 75 72 63 65 73 31 13 30 11 06 03 55 04 03 > 13 0a 53 74 61 72 54 65 73 74 43 41 > SSL_connect:SSLv3 read server certificate request A > <<< SSL 3.0 Handshake [length 0004], ServerHelloDone > 0e 00 00 00 > SSL_connect:SSLv3 read server done A > >>> SSL 3.0 Alert [length 0002], warning ??? > 01 29 > SSL3 alert write:warning:no certificate > SSL_connect:SSLv3 write client certificate A > >>> SSL 3.0 Handshake [length 0084], ClientKeyExchange > 10 00 00 80 84 b5 87 5a 09 fa 88 c1 49 6e 0c be > 11 f6 a2 1a a4 b2 d8 13 51 ec 5b b1 39 79 73 c5 > c4 27 97 63 c1 85 2e 37 8b 6d 5e df 15 2d d3 7a > 1e ea 81 43 ba 92 92 4a 11 cc b9 d2 bb 40 e1 b2 > 02 92 d0 50 04 4a 65 79 19 2a 1e a4 6b c0 09 9c > 7c 43 2b 7c 7d 72 7a 45 75 7d 0d ce 2b 4c 17 0d > d4 39 de e9 5f e0 90 52 db 82 22 3e 24 6d 25 da > 17 b3 63 e8 32 de f6 c9 11 32 92 55 fe 63 ba 06 > 20 03 a4 c3 > SSL_connect:SSLv3 write client key exchange A > >>> SSL 3.0 ChangeCipherSpec [length 0001] > 01 > SSL_connect:SSLv3 write change cipher spec A > >>> SSL 3.0 Handshake [length 0028], Finished > 14 00 00 24 04 c5 6c c5 ff 86 5f 80 6d 96 4e 99 > 24 12 3f 04 a8 4b 7f 26 da 72 30 d6 52 8e 02 7e > 5d ec 34 47 0b bd 2b e5 > SSL_connect:SSLv3 write finished A > SSL_connect:SSLv3 flush data > <<< SSL 3.0 Alert [length 0002], fatal handshake_failure > 02 28 > SSL3 alert read:fatal:handshake failure > SSL_connect:failed in SSLv3 read finished A > 766:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake > failure:s3_pkt.c:1057:SSL alert number 40 > 766:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake > failure:s3_pkt.c:534: When you are connecting to SSL server, server request client certificate, (line: SSL 3.0 Handshake [length 012c], CertificateRequest), but you do not have/sent client certificate and server closed connection. Try to specify client key/certificate with openssl options -key and -cert. Best regards, -- Marek Marcola <[EMAIL PROTECTED]>