On Sun, Apr 22, 2012 at 01:13:48PM +0200, Kurt Roeckx wrote: > Can you try using openssl s_client with the "-no_tls1_1" option? > > Can you also try to see if the 1.0.1a version makes any difference?
I'm using OpenSSL 1.0.1a-3 now, but irssi seems to keep having problems. This is the s_client output with -no_tls1_1: CONNECTED(00000003) 4147722392:error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol:s23_clnt.c:697: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 320 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- But I've just tried with -no_tls1_1 -no_tls1_2 and it seems to work! New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : TLSv1 Cipher : DHE-RSA-AES256-SHA Session-ID: BB012BB9B657FE8AD09B3BC91D92105F6EDB0A38D08DF8C0E9F59F0948CD646C Session-ID-ctx: Master-Key: CEF8830E9E3368C942B93EE6C7E253E0180E160688AEE5235EFC21718B3C539353D5B9A968624A74EF9B8F15C2F027A0 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1335093936 Timeout : 300 (sec) Verify return code: 21 (unable to verify the first certificate) If I use -no_tls1_2 alone it also works. In this case: SSL-Session: Protocol : TLSv1.1 Cipher : DHE-RSA-AES256-SHA Berto -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org