When I try to set up an SSL connection between two invocations of the openssl command, I get a "no shared cipher" error. Since I can set up SSL connections to web servers, I suspect that the problem is with the openssl implementing the server side of the protocol.
Openssl version: 0.9.6d
Linux version: 2.4.17
Gcc version: 2.95.4 (i386-linux)

To reproduce:
1) Run openssl in a window.
2) Type the command: s_server -debug -nocert -accept 8008
3) Open another window and run openssl there as well.
4) In that window, type: s_client -debug -connect localhost:8008

The problem occurs with the gcc flags selected by the original makefile. I changed the gcc flags to the following, with no effect:

CFLAGS=-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -Wall

Below is the output from the two windows. This output was produced after I recompiled ssl/s3_lib.c with CIPHER_DEBUG defined.

------------------------------ client output ------------------------------
OpenSSL> s_client -debug -connect localhost:8008
CONNECTED(00000003)
write to 0813A480 [0813BCA0] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   ................
0060 - 00 80 a3 64 5d 24 f9 10-ca 75 56 a0 97 0e d9 80   ...d]$...uV.....
0070 - be d6 4b 91 47 9e 7c 5e-c3 d1 19 76 11 d7 13 14   ..K.G.|^...v....
0080 - b2 34                                             .4
read from 0813A480 [08141200] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28                              ......(
9748:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:455:
OpenSSL> version
OpenSSL 0.9.6d 9 May 2002
OpenSSL>

------------------------------ server output ------------------------------
OpenSSL> s_server -debug -nocert -accept 8008
Using default temp DH parameters
ACCEPT
read from 08137288 [08142480] (11 bytes => 11 (0xB))
0000 - 80 80 01 03 01 00 57                              ......W
000b - <SPACES/NULS>
read from 08137288 [0814248B] (119 bytes => 119 (0x77))
0000 - 00 00 16 00 00 13 00 00-0a 07 00 c0 00 00 66 00   ..............f.
0010 - 00 07 00 00 05 00 00 04-05 00 80 03 00 80 01 00   ................
0020 - 80 08 00 80 00 00 65 00-00 64 00 00 63 00 00 62   ......e..d..c..b
0030 - 00 00 61 00 00 60 00 00-15 00 00 12 00 00 09 06   ..a..`..........
0040 - 00 40 00 00 14 00 00 11-00 00 08 00 00 06 00 00   .@..............
0050 - 03 04 00 80 02 00 80 a3-64 5d 24 f9 10 ca 75 56   ........d]$...uV
0060 - a0 97 0e d9 80 be d6 4b-91 47 9e 7c 5e c3 d1 19   .......K.G.|^...
0070 - 76 11 d7 13 14 b2 34                              v.....4
Have:
0x811f834:EDH-RSA-DES-CBC3-SHA
0x811f7bc:EDH-DSS-DES-CBC3-SHA
0x811f654:DES-CBC3-SHA
0x811f314:DES-CBC3-MD5
0x811f9c4:DHE-DSS-RC4-SHA
0x811f5dc:IDEA-CBC-SHA
0x811f58c:RC4-SHA
0x811f564:RC4-MD5
0x811f2c4:IDEA-CBC-MD5
0x811f29c:RC2-CBC-MD5
0x811f24c:RC4-MD5
0x811f33c:RC4-64-MD5
0x811f99c:EXP1024-DHE-DSS-RC4-SHA
0x811f974:EXP1024-RC4-SHA
0x811f94c:EXP1024-DHE-DSS-DES-CBC-SHA
0x811f924:EXP1024-DES-CBC-SHA
0x811f8fc:EXP1024-RC2-CBC-MD5
0x811f8d4:EXP1024-RC4-MD5
0x811f80c:EDH-RSA-DES-CBC-SHA
0x811f794:EDH-DSS-DES-CBC-SHA
0x811f62c:DES-CBC-SHA
0x811f2ec:DES-CBC-MD5
0x811f7e4:EXP-EDH-RSA-DES-CBC-SHA
0x811f76c:EXP-EDH-DSS-DES-CBC-SHA
0x811f604:EXP-DES-CBC-SHA
0x811f5b4:EXP-RC2-CBC-MD5
0x811f53c:EXP-RC4-MD5
0x811f274:EXP-RC2-CBC-MD5
0x811f224:EXP-RC4-MD5
0:[00000030:00000110]0x811f834:EDH-RSA-DES-CBC3-SHA
0:[00000050:00000110]0x811f7bc:EDH-DSS-DES-CBC3-SHA
0:[00000021:00000110]0x811f654:DES-CBC3-SHA
0:[00000050:00000110]0x811f9c4:DHE-DSS-RC4-SHA
0:[00000021:00000110]0x811f5dc:IDEA-CBC-SHA
0:[00000021:00000110]0x811f58c:RC4-SHA
0:[00000021:00000110]0x811f564:RC4-MD5
0:[00000050:00000110]0x811f99c:EXP1024-DHE-DSS-RC4-SHA (export)
0:[00000021:00000110]0x811f974:EXP1024-RC4-SHA (export)
0:[00000050:00000110]0x811f94c:EXP1024-DHE-DSS-DES-CBC-SHA (export)
0:[00000021:00000110]0x811f924:EXP1024-DES-CBC-SHA (export)
0:[00000021:00000110]0x811f8fc:EXP1024-RC2-CBC-MD5 (export)
0:[00000021:00000110]0x811f8d4:EXP1024-RC4-MD5 (export)
0:[00000030:00000110]0x811f80c:EDH-RSA-DES-CBC-SHA
0:[00000050:00000110]0x811f794:EDH-DSS-DES-CBC-SHA
0:[00000021:00000110]0x811f62c:DES-CBC-SHA
0:[00000030:00000110]0x811f7e4:EXP-EDH-RSA-DES-CBC-SHA (export)
0:[00000050:00000110]0x811f76c:EXP-EDH-DSS-DES-CBC-SHA (export)
0:[00000021:00000110]0x811f604:EXP-DES-CBC-SHA (export)
0:[00000021:00000110]0x811f5b4:EXP-RC2-CBC-MD5 (export)
0:[00000021:00000110]0x811f53c:EXP-RC4-MD5 (export)
write to 08137288 [0814C5A8] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28                              ......(
ERROR
9753:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:857:
shutting down SSL
CONNECTION CLOSED
ACCEPT
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
