On Wed, Jan 14, 2009, Thomas Jarosch wrote:

> Hello together,
> 
> I recently upgraded from openssl 0.9.8i to openssl 0.9.8j
> and now I can't connect to our servers:
> 
> # openssl version
> OpenSSL 0.9.8j 07 Jan 2009
> 
> # openssl s_client -ssl3 -connect www.intra2net.com:443
> CONNECTED(00000003)
> 31320:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake 
> failure:s3_pkt.c:1060:SSL alert number 40
> 31320:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake 
> failure:s3_pkt.c:530:
> 
> Same thing with a certificate using a private CA:
> # openssl s_client -ssl3 -connect update.intranator.com:443
> CONNECTED(00000003)
> 31738:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake 
> failure:s3_pkt.c:1060:SSL alert number 40
> 31738:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake 
> failure:s3_pkt.c:530:
> 
> Is something wrong with my certificates or could
> this be a regression with openssl 0.9.8j?
> 
> "-ssl2" and "-tls1" work fine. So does openssl version 0.9.8i.
> 

Try it with the -no_ticket option. Some servers have problems with SSL/TLS
extensions and these were enabled by default in 0.9.8j. You can also disable
extensions by compiling with the no-tlsext option.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
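
An added example, not part of the original thread or of OpenSSL's own code: a minimal Python parser that reports whether a ClientHello carries the trailing extensions block the reply refers to, which is what an extension-intolerant server sees. The sample hellos are constructed here (all-zero random, one cipher suite), `parse_client_hello` and `build_sample` are hypothetical names, and extension type 35 is the session ticket extension that -no_ticket suppresses.

```python
import struct

EXT_NAMES = {0: "server_name", 35: "session_ticket"}  # IANA ExtensionType values

def parse_client_hello(record: bytes) -> dict:
    """Parse one SSLv3/TLS record that holds a complete ClientHello."""
    if len(record) < 9:
        raise ValueError("truncated record")
    rtype, _rver, rlen = struct.unpack("!BHH", record[:5])
    if rtype != 22 or len(record) != 5 + rlen:
        raise ValueError("not a complete handshake record")
    hs = record[5:]
    hlen = int.from_bytes(hs[1:4], "big")
    body = hs[4:]
    if hs[0] != 1 or len(body) != hlen:
        raise ValueError("not a single ClientHello")
    pos = 0

    def take(n: int) -> bytes:
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        chunk = body[pos:pos + n]
        pos += n
        return chunk

    version = struct.unpack("!H", take(2))[0]
    take(32)                                    # random
    take(take(1)[0])                            # session_id
    suites = take(int.from_bytes(take(2), "big"))
    take(take(1)[0])                            # compression methods
    extensions = []
    if pos < len(body):  # bytes after compression methods = extensions block
        block = take(int.from_bytes(take(2), "big"))
        i = 0
        while i + 4 <= len(block):
            etype, elen = struct.unpack("!HH", block[i:i + 4])
            extensions.append(EXT_NAMES.get(etype, str(etype)))
            i += 4 + elen
    return {"version": version, "suites": len(suites) // 2, "extensions": extensions}

def build_sample(with_ticket: bool) -> bytes:
    """Constructed SSLv3 (3.0) ClientHello; optional empty session ticket extension."""
    body = b"\x03\x00" + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
    if with_ticket:
        ext = struct.pack("!HH", 35, 0)
        body += struct.pack("!H", len(ext)) + ext
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x00" + struct.pack("!H", len(hs)) + hs
```

Running the parser over a captured first record from the client, with and without -no_ticket, shows whether the extensions list is empty in the hello the server rejects.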
