On Sun, Apr 22, 2012 at 01:13:48PM +0200, Kurt Roeckx wrote:

> Can you try using openssl s_client with the "-no_tls1_1" option?
> 
> Can you also try to see if the 1.0.1a version makes any difference?

I'm using OpenSSL 1.0.1a-3 now, but irssi seems to keep having
problems.

This is the s_client output with -no_tls1_1:

CONNECTED(00000003)
4147722392:error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol:s23_clnt.c:697:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 320 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

But I've just tried with -no_tls1_1 -no_tls1_2 and it seems to work!

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: BB012BB9B657FE8AD09B3BC91D92105F6EDB0A38D08DF8C0E9F59F0948CD646C
    Session-ID-ctx: 
    Master-Key: CEF8830E9E3368C942B93EE6C7E253E0180E160688AEE5235EFC21718B3C539353D5B9A968624A74EF9B8F15C2F027A0
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1335093936
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)

If I use -no_tls1_2 alone it also works. In this case:

SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : DHE-RSA-AES256-SHA

Berto


