On Thu, Jun 27, 2002 at 08:46:52AM +0200, [EMAIL PROTECTED] via RT wrote:
>
> When I try to set up an SSL connection between two invocations of
> the openssl command, I get a "no shared cipher" error. Since I can
> set up SSL connections to web servers, I suspect that the problem is
> with the openssl implementing the server side of the protocol.
>
> Openssl version: 0.9.6d
> Linux version: 2.4.17
> Gcc version: 2.95.4 (i386-linux)
>
> To reproduce:
> 1) Run openssl in a window.
> 2) Type the command: s_server -debug -nocert -accept 8008

"-nocert" was specified for some reason.

> 3) Open another window and run openssl there as well.
> 4) In that window, type: s_client -debug -connect localhost:8008
>
> The problem occurs with the gcc flags selected by the original makefile.
> I changed the gcc flags to the following, with no effect:
> CFLAGS=-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DL_ENDIAN -DTERMIO -g -Wall
>
> Below is the output from the two windows. This output was produced
> after I recompiled ssl/s3_lib.c with CIPHER_DEBUG defined.
>
>
> ------------------------------ client output ------------------------------
> OpenSSL> s_client -debug -connect localhost:8008
> CONNECTED(00000003)
> write to 0813A480 [0813BCA0] (130 bytes => 130 (0x82))
> 0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ......W... .....
> 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .........f......
> 0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   ................
> 0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
> 0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...........@...
> 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   ................
> 0060 - 00 80 a3 64 5d 24 f9 10-ca 75 56 a0 97 0e d9 80   ...d]$...uV.....
> 0070 - be d6 4b 91 47 9e 7c 5e-c3 d1 19 76 11 d7 13 14   ..K.G.|^...v....
> 0080 - b2 34                                             .4
> read from 0813A480 [08141200] (7 bytes => 7 (0x7))
> 0000 - 15 03 01 00 02 02 28                              ......(
> 9748:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:455:
> OpenSSL> version
> OpenSSL 0.9.6d 9 May 2002
> OpenSSL>
>
>
> ------------------------------ server output ------------------------------
> OpenSSL> s_server -debug -nocert -accept 8008
> Using default temp DH parameters
> ACCEPT
> read from 08137288 [08142480] (11 bytes => 11 (0xB))
> 0000 - 80 80 01 03 01 00 57                              ......W
> 000b - <SPACES/NULS>
> read from 08137288 [0814248B] (119 bytes => 119 (0x77))
> 0000 - 00 00 16 00 00 13 00 00-0a 07 00 c0 00 00 66 00   ..............f.
> 0010 - 00 07 00 00 05 00 00 04-05 00 80 03 00 80 01 00   ................
> 0020 - 80 08 00 80 00 00 65 00-00 64 00 00 63 00 00 62   ......e..d..c..b
> 0030 - 00 00 61 00 00 60 00 00-15 00 00 12 00 00 09 06   ..a..`..........
> 0040 - 00 40 00 00 14 00 00 11-00 00 08 00 00 06 00 00   .@..............
> 0050 - 03 04 00 80 02 00 80 a3-64 5d 24 f9 10 ca 75 56   ........d]$...uV
> 0060 - a0 97 0e d9 80 be d6 4b-91 47 9e 7c 5e c3 d1 19   .......K.G.|^...
> 0070 - 76 11 d7 13 14 b2 34                              v.....4
> Have:
> 0x811f834:EDH-RSA-DES-CBC3-SHA
> 0x811f7bc:EDH-DSS-DES-CBC3-SHA
> 0x811f654:DES-CBC3-SHA
> 0x811f314:DES-CBC3-MD5
> 0x811f9c4:DHE-DSS-RC4-SHA
> 0x811f5dc:IDEA-CBC-SHA
> 0x811f58c:RC4-SHA
> 0x811f564:RC4-MD5
> 0x811f2c4:IDEA-CBC-MD5
> 0x811f29c:RC2-CBC-MD5
> 0x811f24c:RC4-MD5
> 0x811f33c:RC4-64-MD5
> 0x811f99c:EXP1024-DHE-DSS-RC4-SHA
> 0x811f974:EXP1024-RC4-SHA
> 0x811f94c:EXP1024-DHE-DSS-DES-CBC-SHA
> 0x811f924:EXP1024-DES-CBC-SHA
> 0x811f8fc:EXP1024-RC2-CBC-MD5
> 0x811f8d4:EXP1024-RC4-MD5
> 0x811f80c:EDH-RSA-DES-CBC-SHA
> 0x811f794:EDH-DSS-DES-CBC-SHA
> 0x811f62c:DES-CBC-SHA
> 0x811f2ec:DES-CBC-MD5
> 0x811f7e4:EXP-EDH-RSA-DES-CBC-SHA
> 0x811f76c:EXP-EDH-DSS-DES-CBC-SHA
> 0x811f604:EXP-DES-CBC-SHA
> 0x811f5b4:EXP-RC2-CBC-MD5
> 0x811f53c:EXP-RC4-MD5
> 0x811f274:EXP-RC2-CBC-MD5
> 0x811f224:EXP-RC4-MD5
> 0:[00000030:00000110]0x811f834:EDH-RSA-DES-CBC3-SHA
> 0:[00000050:00000110]0x811f7bc:EDH-DSS-DES-CBC3-SHA
> 0:[00000021:00000110]0x811f654:DES-CBC3-SHA
> 0:[00000050:00000110]0x811f9c4:DHE-DSS-RC4-SHA
> 0:[00000021:00000110]0x811f5dc:IDEA-CBC-SHA
> 0:[00000021:00000110]0x811f58c:RC4-SHA
> 0:[00000021:00000110]0x811f564:RC4-MD5
> 0:[00000050:00000110]0x811f99c:EXP1024-DHE-DSS-RC4-SHA (export)
> 0:[00000021:00000110]0x811f974:EXP1024-RC4-SHA (export)
> 0:[00000050:00000110]0x811f94c:EXP1024-DHE-DSS-DES-CBC-SHA (export)
> 0:[00000021:00000110]0x811f924:EXP1024-DES-CBC-SHA (export)
> 0:[00000021:00000110]0x811f8fc:EXP1024-RC2-CBC-MD5 (export)
> 0:[00000021:00000110]0x811f8d4:EXP1024-RC4-MD5 (export)
> 0:[00000030:00000110]0x811f80c:EDH-RSA-DES-CBC-SHA
> 0:[00000050:00000110]0x811f794:EDH-DSS-DES-CBC-SHA
> 0:[00000021:00000110]0x811f62c:DES-CBC-SHA
> 0:[00000030:00000110]0x811f7e4:EXP-EDH-RSA-DES-CBC-SHA (export)
> 0:[00000050:00000110]0x811f76c:EXP-EDH-DSS-DES-CBC-SHA (export)
> 0:[00000021:00000110]0x811f604:EXP-DES-CBC-SHA (export)
> 0:[00000021:00000110]0x811f5b4:EXP-RC2-CBC-MD5 (export)
> 0:[00000021:00000110]0x811f53c:EXP-RC4-MD5 (export)
> write to 08137288 [0814C5A8] (7 bytes => 7 (0x7))
> 0000 - 15 03 01 00 02 02 28                              ......(
> ERROR
> 9753:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:857:
> shutting down SSL
> CONNECTION CLOSED
> ACCEPT
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]

-- 
Naina library: http://www.unity.net/~vf/naina_r1.tgz
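
Added example (not part of the original thread, and not OpenSSL's own code): a small decoder for the `ok:[alg:mask]` lines that CIPHER_DEBUG prints in the server output above, showing which key-exchange or authentication capability each candidate suite needed that the certificate-less server did not have. The flag names are an assumption, recalled from OpenSSL 0.9.6's `ssl_locl.h` and consistent with the values in the report; the first four sample lines are copied from the report and the last one is constructed.

```python
import re
from collections import Counter

# Assumption: flag values as recalled from OpenSSL 0.9.6 ssl_locl.h
# (key exchange in the low five bits, authentication above them).
FLAGS = {
    0x001: "kRSA", 0x002: "kDHr", 0x004: "kDHd", 0x008: "kFZA", 0x010: "kEDH",
    0x020: "aRSA", 0x040: "aDSS", 0x080: "aFZA", 0x100: "aNULL", 0x200: "aDH",
}

# ok:[alg:mask]pointer:NAME, optionally followed by " (export)"
LINE = re.compile(
    r"^([01]):\[([0-9A-Fa-f]{8}):([0-9A-Fa-f]{8})\]0x[0-9A-Fa-f]+:(\S+)")

def names(bits):
    """Symbolic names of the flag bits set in `bits`, lowest bit first."""
    return [name for bit, name in sorted(FLAGS.items()) if bits & bit]

def explain(line):
    """Decode one CIPHER_DEBUG line; return None for any other line."""
    m = LINE.match(line.strip())
    if not m:
        return None
    alg, mask = int(m.group(2), 16), int(m.group(3), 16)
    missing = alg & ~mask  # what the suite needs but the server cannot do
    return {"cipher": m.group(4), "ok": m.group(1) == "1",
            "needs": names(alg), "server_can": names(mask),
            "missing": names(missing), "usable": missing == 0}

def diagnose(text):
    """Summarise which missing capability blocked the candidate suites."""
    rows = [r for r in map(explain, text.splitlines()) if r]
    blocked = Counter(flag for r in rows for flag in r["missing"])
    return {"usable": [r["cipher"] for r in rows if r["usable"]],
            "blocked_by": dict(blocked)}

SAMPLE = """\
0:[00000030:00000110]0x811f834:EDH-RSA-DES-CBC3-SHA
0:[00000050:00000110]0x811f7bc:EDH-DSS-DES-CBC3-SHA
0:[00000021:00000110]0x811f654:DES-CBC3-SHA
0:[00000021:00000110]0x811f53c:EXP-RC4-MD5 (export)
1:[00000110:00000110]0x0:ADH-DES-CBC3-SHA
"""  # last line is constructed: an anonymous-DH suite the client did not offer

if __name__ == "__main__":
    for line in SAMPLE.splitlines():
        print(explain(line))
    print(diagnose(SAMPLE))
```

Under that mapping the server mask 00000110 decodes to kEDH plus aNULL, so every suite the client offered is rejected for needing aRSA or aDSS authentication.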
