Dear Ach members,
when using the nginx server recommendations in the Ach paper, I cannot
get the OpenSSL /s_time/ performance testing to work. Even the server
bettercrypto.org fails. Is this problem due to the nginx config, or with
OpenSSL?
Running "openssl s_time -connect bettercrypto.org:443 -cipher
AES128-GCM-SHA256 -time 2" returns "140373676381952:error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake
failure:ssl/record/rec_layer_s3.c:1362:SSL alert number 40" in OpenSSL
1.1.0, and "140416684930936:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:769:" in 1.0.2h.
This problem has been found when running from Fedora 24, and also with
other ciphers than just the one mentioned above, as
ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA, AES256-SHA, but
not with AES128-SHA.
I am greatful for insight that would make it possible to use /s_time/
properly.
best regards,
Kjetil Birkeland Moe
_______________________________________________
Ach mailing list
[email protected]
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
