[openssl-users] Which protocols should my client support?

2017-04-24 Thread Jeff Archer
I think this is a silly question but I still would like to get a knowledgeable and experienced confirmation of my thinking. My client is a custom application and as such only needs to communicate with specific servers for specific purposes. I think it makes sense for my client to only support

Re: [openssl-users] Which protocols should my client support?

2017-04-24 Thread Gaiseric Vandal
AES256? Maybe some of the stronger SHA algorithms? On 04/24/17 13:42, Jeff Archer wrote: I think this is a silly question but I still would like to get a knowledgeable and experienced confirmation of my thinking. My client is a custom application and as such only needs to communicate

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-24 Thread Blumenthal, Uri - 0553 - MITLL
> Handshake failed > > The SSL handshake could not be performed. > > Host: Reason: error:14094416:SSL > routines:ssl3_read_bytes:sslv3 alert certificate unknown:state > 23:Application response 500 handshakefailed > > > generated 2017-04-24 15:28:13 by

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-24 Thread Viktor Dukhovni
> On Apr 24, 2017, at 6:11 PM, Blumenthal, Uri - 0553 - MITLL > wrote: > > I went through the capture between the app (local end) and the proxy. It > appears that the sequence is: > > ClientHello -> (from app to proxy, with a ton of cipher suites, including > 0xc02f) >

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-24 Thread Blumenthal, Uri - 0553 - MITLL
> I use a 3rd-party application that is trying to update itself (so it’s trying to “call home”). > Naturally, I’m behind a corporate firewall and Web proxy. The app has been configured to use > that proxy. It fails to connect. Packet capture reveals the following: You're

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-24 Thread Blumenthal, Uri - 0553 - MITLL
> I went through the capture between the app (local end) and the proxy. It appears that the sequence is: > > ClientHello -> (from app to proxy, with a ton of cipher suites, including 0xc02f) > <- ServerHello (with TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 – present in

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-24 Thread Matt Caswell
On 24/04/17 22:18, Blumenthal, Uri - 0553 - MITLL wrote: > I use a 3rd-party application that is trying to update itself (so > it’s trying to “call home”). Naturally, I’m behind a corporate > firewall and Web proxy. The app has been configured to use that > proxy. It fails to connect. Packet

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-24 Thread Viktor Dukhovni
> On Apr 24, 2017, at 7:11 PM, Blumenthal, Uri - 0553 - MITLL > wrote: > >Please report tshark output, not an approximate rendition. In what > direction >is the alert sent? > > I’m using Wireshark. The IP addresses on the Alert packet show local host as > the

Re: [openssl-users] Which protocols should my client support?

2017-04-24 Thread Viktor Dukhovni
> On Apr 24, 2017, at 4:04 PM, Salz, Rich via openssl-users > wrote: > >> My client is a custom application and as such only needs to communicate with >> specific servers for specific purposes. I think it makes sense for my >> client to only support the specific

Re: [openssl-users] Which protocols should my client support?

2017-04-24 Thread Salz, Rich via openssl-users
> My client is a custom application and as such only needs to communicate with > specific servers for specific purposes. I think it makes sense for my client > to only support the specific protocol that my server will use, > ECDHE-RSA-AES128-GCM-SHA256. Does this sound reasonable or should I

[openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-24 Thread Blumenthal, Uri - 0553 - MITLL
I use a 3rd-party application that is trying to update itself (so it’s trying to “call home”). Naturally, I’m behind a corporate firewall and Web proxy. The app has been configured to use that proxy. It fails to connect. Packet capture reveals the following: Handshake failed The SSL handshake

Re: [openssl-users] What does this error mean? sslv3 alert certificate unknown:state 23

2017-04-24 Thread Viktor Dukhovni
> On Apr 24, 2017, at 5:18 PM, Blumenthal, Uri - 0553 - MITLL > wrote: > > I use a 3rd-party application that is trying to update itself (so it’s trying > to “call home”). Naturally, I’m behind a corporate firewall and Web proxy. > The app has been configured to use that

Re: [openssl-users] How do I connect to this server

2017-04-24 Thread Matt Caswell
On 24/04/17 13:52, Jeff Archer wrote: >>> https://username:passw...@server.com >>> How do I specify this username and password when using SSL_connect()? >> >>You don't. That stuff is at the protocol level about TLS/SSL. > > OK. Let me try to rephrase my

Re: [openssl-users] How do I connect to this server

2017-04-24 Thread Jeff Archer
>> https://username:passw...@server.com >> How do I specify this username and password when using SSL_connect()? > >You don't. That stuff is at the protocol level about TLS/SSL. OK. Let me try to rephrase my question. Please excuse me if I don't get terminology exactly correct; I am a novice

Re: [openssl-users] How do I connect to this server

2017-04-24 Thread Jakob Bohm
It can also be done with s_client, just include the encoded username and password in the appropriate HTTP/1.1 headers supplied as input to s_client, then look at the HTTP/1.1 headers and other data in the output from s_client. On 23/04/2017 04:42, warron.french wrote: I know that this is a TLS