> [tm...@redhat.com - Sun Nov 15 23:29:28 2009]:
>
> See also https://bugzilla.redhat.com/show_bug.cgi?id=533234
>
> openssl s_client -connect phantom.dragonsdawn.net:5223
>
> fails to get server hello message from the server. It's apparent that
> the server is somehow broken but
> gnutls-cli --protocols TLS1.0 --port 5223 dragonsdawn.net
> gives a very similar client hello and it receives server hello fine.
>
> The only way to get an established ssl handshake with openssl s_client
> is to use the -ssl3 option. In some cases such as:
> openssl s_client -tls1 -no_ticket -connect phantom.dragonsdawn.net:5223
> server hello is returned (with a certificate) but the openssl s_client
> for some reason does not recognize the certificate. This is suspicious
> and it might mean the openssl implementation is buggy too.
>
This is probably something to do with the renegotiation fix. With
-legacy_renegotiation and -no_ticket it does work.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org