Issue with openssl client and IIS Server

[Subramanian Ramachandran]

Hi, 

 

I signed up with the openssl yesterday and the thread I posted yesterday
with the issue given below is still pending on www.nabble.com. Hence I
decided to just write another email to the above address.

 

My issue:

I am using openssl to connect to an IIS 6.0 server. I am just getting
alphanumerc (%^$????...etc) characters as the received message for the
first time. Why is this so? Subsequent messages are received correctly
by the IIS server. I have tried my best to research the options I am
setting and have carried out many tests but, no success. I am using the
following flow of commands to negotiate and connect with the IIS server
before posting any data: 

SSL_library_init(); 
            SSL_load_error_strings(); 
            httpclient_SSL_CTX = SSL_CTX_new(SSLv3_client_method()); 
             .... 
             ....   
            /* set up SSL structures */ 
            SSL_CTX_sess_set_cache_size(httpclient_SSL_CTX, 20); 
            SSL_CTX_set_session_cache_mode(httpclient_SSL_CTX, 
                                           SSL_SESS_CACHE_CLIENT | 
 
SSL_SESS_CACHE_NO_AUTO_CLEAR); 
            SSL_CTX_set_timeout(httpclient_SSL_CTX, SESSION_TIMEOUT); 

            SSL_CTX_set_mode(httpclient_SSL_CTX, 0); 

            
            /* set up which ciphers we are willing to use */ 
            /*  CIPHER_LIST = "RC4-SHA:RC4-MD5:EXP-RC4-MD5" */ 
            err = SSL_CTX_set_cipher_list(httpclient_SSL_CTX,
CIPHER_LIST); 
              ..... 
               ...... 

      /* create new SSL connection */ 
      hc->SSL_conn = SSL_new(httpclient_SSL_CTX); 
      .......... 

      /* using SSL for client, not server */ 
      SSL_set_connect_state(hc->SSL_conn); 
      ........... 

      /* do not enable auto-retry mode for rehandshaking */ 
      SSL_set_mode(hc->SSL_conn, 0); 
     ............ 

      /* connect SSL object to our socket */ 
      SSL_set_fd(hc->SSL_conn, hc->Sock); 
      /*SESSION_TIMEOUT = 300 seconds */ 
      SSL_set_timeout(hc->SSL_conn->session, SESSION_TIMEOUT); 

     sslconnect: 
      ERR_clear_error(); 

      /* negotiate SSL with server */ 
      err = SSL_connect(hc->SSL_conn); 

I configured the initial socket as blocking so that SSL_connect only
returns after the complete negotiation. My understanding is that
SSL_connect should take care of all cert and key exchanges so that when
I subsequently use the socket hc->SSL_conn. 

Am i missing something here? 

Thanks for your help in advance.

 

Subbu

 

Subramanian Ramachandran

Embedded Software Engineer

 

 

 

MWA Intelligence, Inc.

Managing Workforce and Assets

 

15990 N Greenway Hayden Loop

Suite 400

Scottsdale, AZ 85260

480.538.5614 Direct

480.299.3368 Cell

480.538.5995 Fax

su...@mwaintel.com <mailto:victoria.sat...@mwaintel.com> 

 

For more information, please visit www.mwaintel.com
<http://www.mwaintel.com>  or contact our Customer Care Center at
888.703.2780.

 

<<image001.jpg>>