On Wed, Jan 14, 2009, Thomas Jarosch wrote:

> Hello together,
>
> I recently upgraded from openssl 0.9.8i to openssl 0.9.8j
> and now I can't connect to our servers:
>
> # openssl version
> OpenSSL 0.9.8j 07 Jan 2009
>
> # openssl s_client -ssl3 -connect www.intra2net.com:443
> CONNECTED(00000003)
> 31320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
> failure:s3_pkt.c:1060:SSL alert number 40
> 31320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
> failure:s3_pkt.c:530:
>
> Same thing with a certificate using a private CA:
> # openssl s_client -ssl3 -connect update.intranator.com:443
> CONNECTED(00000003)
> 31738:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake
> failure:s3_pkt.c:1060:SSL alert number 40
> 31738:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
> failure:s3_pkt.c:530:
>
> Is something wrong with my certificates or could
> this be a regression with openssl 0.9.8j?
>
> "-ssl2" and "-tls1" works fine. Also does openssl version 0.9.8i.
>
Try it with the -no_ticket option. Some servers have problems with SSL/TLS
extensions and these were enabled by default in 0.9.8j. You can also disable
extensions by compiling with the no-tlsext option.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
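To check from a packet capture whether a client is putting extensions into its ClientHello, the following added example (not part of the original thread and not OpenSSL code) parses one handshake record and lists the extension types it carries. The sample records are constructed, `client_hello_extensions` and `build_hello` are hypothetical helper names, and it assumes the extension that -no_ticket suppresses is the session ticket extension, type 35.

```python
import struct

SESSION_TICKET = 35  # IANA extension type for session tickets (RFC 5077)

def client_hello_extensions(record: bytes):
    """Return ((major, minor), [extension types]) for one ClientHello record."""
    try:
        ctype, _, _, rec_len = struct.unpack_from("!BBBH", record, 0)
        msg = record[5:5 + rec_len]
        if ctype != 0x16 or len(msg) != rec_len or msg[0] != 0x01:
            raise ValueError("not a complete ClientHello handshake record")
        hello = msg[4:4 + int.from_bytes(msg[1:4], "big")]
        pos = 2 + 32                                          # client_version, random
        pos += 1 + hello[pos]                                 # session_id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + hello[pos]                                 # compression_methods
        exts = []
        if pos < len(hello):          # bytes after compression = extensions block
            end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
            pos += 2
            while pos + 4 <= min(end, len(hello)):
                etype, elen = struct.unpack_from("!HH", hello, pos)
                exts.append(etype)
                pos += 4 + elen
        return (hello[0], hello[1]), exts
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc

def build_hello(version, extensions):
    """Build a constructed ClientHello record (sample input, not a capture)."""
    body = bytes(version) + bytes(32) + b"\x00"   # version, zero random, no session id
    body += struct.pack("!H", 2) + b"\x00\x35"    # one cipher suite (0x0035)
    body += b"\x01\x00"                           # null compression only
    if extensions:
        blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(blob)) + blob
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + bytes(version) + struct.pack("!H", len(hs)) + hs

# Constructed SSLv3 (3.0) hellos: with an empty session ticket extension, and bare.
WITH_TICKET = build_hello((3, 0), [(SESSION_TICKET, b"")])
NO_TICKET = build_hello((3, 0), [])

if __name__ == "__main__":
    for name, rec in (("with ticket", WITH_TICKET), ("no ticket", NO_TICKET)):
        print(name, client_hello_extensions(rec))
```

A server that only understands the original SSLv3 ClientHello layout sees the trailing extensions block as unexpected bytes, which is the kind of record the first sample represents.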