I wrote a little batch file to check that I can handshake with ALL the ciphers that are output from an "openssl ciphers" command. (BTW, I am running on a Windows 2000 box with the latest 0.9.6a build.) Unfortunately, some of the ciphers do not seem to work when passed in using an "openssl s_client -cipher XXX-XXX-XXX" command. (I am running a standard "openssl s_server" in another window.)
 
Here is the batch file I am using:
--allciphers.bat--
@echo off
echo EDH-RSA-DES-CBC3-SHA
openssl s_client -cipher EDH-RSA-DES-CBC3-SHA
echo EDH-DSS-DES-CBC3-SHA
openssl s_client -cipher EDH-DSS-DES-CBC3-SHA
echo DES-CBC3-SHA
openssl s_client -cipher DES-CBC3-SHA
echo DES-CBC3-MD5
openssl s_client -cipher DES-CBC3-MD5
echo DHE-DSS-RC4-SHA
openssl s_client -cipher DHE-DSS-RC4-SHA
echo IDEA-CBC-SHA
openssl s_client -cipher IDEA-CBC-SHA
echo RC4-SHA
openssl s_client -cipher RC4-SHA
echo RC4-MD5
openssl s_client -cipher RC4-MD5
echo IDEA-CBC-MD5
openssl s_client -cipher IDEA-CBC-MD5
echo RC2-CBC-MD5
openssl s_client -cipher RC2-CBC-MD5
echo RC4-MD5
openssl s_client -cipher RC4-MD5
echo RC4-64-MD5
openssl s_client -cipher RC4-64-MD5
echo EXP1024-DHE-DSS-RC4-SHA
openssl s_client -cipher EXP1024-DHE-DSS-RC4-SHA
echo EXP1024-RC4-SHA
openssl s_client -cipher EXP1024-RC4-SHA
echo EXP1024-DHE-DSS-DES-CBC-SHA
openssl s_client -cipher EXP1024-DHE-DSS-DES-CBC-SHA
echo EXP1024-DES-CBC-SHA
openssl s_client -cipher EXP1024-DES-CBC-SHA
echo EXP1024-RC2-CBC-MD5
openssl s_client -cipher EXP1024-RC2-CBC-MD5
echo EXP1024-RC4-MD5
openssl s_client -cipher EXP1024-RC4-MD5
echo EDH-RSA-DES-CBC-SHA
openssl s_client -cipher EDH-RSA-DES-CBC-SHA
echo EDH-DSS-DES-CBC-SHA
openssl s_client -cipher EDH-DSS-DES-CBC-SHA
echo DES-CBC-SHA
openssl s_client -cipher DES-CBC-SHA
echo DES-CBC-MD5
openssl s_client -cipher DES-CBC-MD5
echo EXP-EDH-RSA-DES-CBC-SHA
openssl s_client -cipher EXP-EDH-RSA-DES-CBC-SHA
echo EXP-EDH-DSS-DES-CBC-SHA
openssl s_client -cipher EXP-EDH-DSS-DES-CBC-SHA
echo EXP-DES-CBC-SHA
openssl s_client -cipher EXP-DES-CBC-SHA
echo EXP-RC2-CBC-MD5
openssl s_client -cipher EXP-RC2-CBC-MD5
echo EXP-RC4-MD5
openssl s_client -cipher EXP-RC4-MD5
echo EXP-RC2-CBC-MD5
openssl s_client -cipher EXP-RC2-CBC-MD5
echo EXP-RC4-MD5
openssl s_client -cipher EXP-RC4-MD5
--end of allciphers.bat--
 
Most ciphers handshake correctly, but the following do not:
EDH-DSS-DES-CBC3-SHA
DES-CBC3-MD5
DHE-DSS-RC4-SHA
IDEA-CBC-MD5
RC2-CBC-MD5
RC4-64-MD5
EXP1024-DHE-DSS-RC4-SHA
EXP1024-DHE-DSS-DES-CBC-SHA
EDH-DSS-DES-CBC-SHA
DES-CBC-MD5
EXP-EDH-DSS-DES-CBC-SHA

The output on the client side shows:
Loading 'screen' into random state - done
CONNECTED(000001A4)
1600:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:.\ssl\s23_clnt.c:455:
 
The output on the server side shows:
Loading 'screen' into random state - done
Using default temp DH parameters
ACCEPT
ERROR
1832:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:.\ssl\s3_srvr.c:772:
shutting down SSL
CONNECTION CLOSED
ACCEPT
 
Any help diagnosing the problem would be greatly appreciated. Thanks.
 
Verdon Walker
(801) 861-2633
[EMAIL PROTECTED]
Novell Inc., the leading provider of Net Services Software
www.novell.com
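
Added example, not part of the original message or of OpenSSL: a Python sketch that parses the two error-queue lines quoted above and unpacks their hex codes to show which side reported the failure locally and which side only relayed a peer alert. It assumes the pre-3.0 OpenSSL error packing (8-bit library, 12-bit function, 12-bit reason) and the SSL alert reason offset of 1000; the names `decode` and `root_cause` are hypothetical.

```python
import re

# Error-queue line printed by the openssl CLI (pre-3.0 layout, assumed):
#   pid:error:HEXCODE:library:function:reason:file:line:
ERR_LINE = re.compile(
    r"^(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>.*):(?P<line>\d+):\s*$"
)

ERR_LIB_SSL = 20             # library number of the "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # SSL reasons above this are alerts sent by the peer

def decode(line):
    """Parse one error line and unpack its code into lib/func/reason numbers."""
    m = ERR_LINE.match(line.strip())
    if m is None:
        return None
    code = int(m.group("code"), 16)
    rec = {
        "lib": (code >> 24) & 0xFF,
        "func": (code >> 12) & 0xFFF,
        "reason": code & 0xFFF,
        "func_name": m.group("func"),
        "text": m.group("reason"),
        "source": "%s:%s" % (m.group("file"), m.group("line")),
    }
    # Above the offset, the remainder is the alert number the other side sent.
    rec["peer_alert"] = None
    if rec["lib"] == ERR_LIB_SSL and rec["reason"] > SSL_AD_REASON_OFFSET:
        rec["peer_alert"] = rec["reason"] - SSL_AD_REASON_OFFSET
    return rec

def root_cause(client_line, server_line):
    """Pick the side whose error is local rather than a relayed alert."""
    client, server = decode(client_line), decode(server_line)
    if client and client["peer_alert"] is not None and server:
        return "server", server["text"]
    if client:
        return "client", client["text"]
    return None

# The two error lines quoted in the message above.
CLIENT = (r"1600:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:"
          r"sslv3 alert handshake failure:.\ssl\s23_clnt.c:455:")
SERVER = (r"1832:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:"
          r"no shared cipher:.\ssl\s3_srvr.c:772:")

if __name__ == "__main__":
    print(decode(CLIENT)["peer_alert"], root_cause(CLIENT, SERVER))
```

The client-side code decodes to reason 1040, that is alert 40 (handshake_failure) received from the peer, so the line to read for the cause is the server's own error, reason 193, "no shared cipher".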
