Karthik Krishnamoorthy wrote:
> the error I see is handshake failure ..
>
> SSL trace below ..
>
> Version: $Revision: 1.1 $ ($Date: 2000/03/31 20:12:54 $) $Author:
> relyea%netscape.com $
> Connection #1 [Thu May 22 11:57:17 2003]
> Connected to regis.central.sun.com:7070
> --> [
> alloclen = 72 bytes
> (72 bytes of 72)
> [Thu May 22 11:57:17 2003] [ssl2] ClientHelloV2 {
> version = {0x03, 0x01}
> cipher-specs-length = 45 (0x2d)
> sid-length = 0 (0x00)
> challenge-length = 16 (0x10)
> cipher-suites = {
> (0x010080) SSL2/RSA/RC4-128/MD5
> (0x0700c0) SSL2/RSA/3DES192EDE-CBC/MD5
> (0x030080) SSL2/RSA/RC2CBC128/MD5
> (0x060040) SSL2/RSA/DES56-CBC/MD5
> (0x020080) SSL2/RSA/RC4-40/MD5
> (0x040080) SSL2/RSA/RC2CBC40/MD5
> (0x000004) SSL3/RSA/RC4-128/MD5
> (0x00feff) ??????????????????
> (0x00000a) SSL3/RSA/3DES192EDE-CBC/SHA
> (0x00fefe) ??????????????????
> (0x000009) SSL3/RSA/DES56-CBC/SHA
> (0x000064) TLS/RSA_EXPORT1024/RC4-56/SHA
> (0x000062) TLS/RSA_EXPORT1024/DES56_CBC/SHA
> (0x000003) SSL3/RSA/RC4-40/MD5
> (0x000006) SSL3/RSA/RC2CBC40/MD5
> }
> session-id = { }
> challenge = { 0x6129 0xfea9 0x025d 0x7b90 0x506d 0x5027
> 0xea62 0xa6a6 }
> }
> ]The ClientHello message shows that the client can do TLS. It uses the version number 3.1 and two TLS cipher suites. So it is possible that the server is TLS intolerant. A TLS intolerant server is a server that does not implement TLS and does not handle a ClientHello message with version 3.1 correctly. Could you try enable only SSL v2 and v3 and disable TLS in your client? Wan-Teh
smime.p7s
Description: S/MIME Cryptographic Signature
