On Mon, 2009-11-16 at 01:28 +0100, Stephen Henson via RT wrote:
> > [tm...@redhat.com - Sun Nov 15 23:29:28 2009]:
> >
> > See also https://bugzilla.redhat.com/show_bug.cgi?id=533234
> >
> > openssl s_client -connect phantom.dragonsdawn.net:5223
> >
> > fails to get server hello message from the server. It's apparent that
> > the server is somehow broken but
> > gnutls-cli --protocols TLS1.0 --port 5223 dragonsdawn.net
> > gives a very similar client hello and it receives server hello fine.
> >
> > The only way to get established ssl handshake openssl s_client is to use
> > the -ssl3 option. In some cases such as:
> > openssl s_client -tls1 -no_ticket -connect phantom.dragonsdawn.net:5223
> > server hello is returned (with a certificate) but the openssl s_client
> > for some reason does not recognize the certificate. This is suspicious
> > and it might mean the openssl implementation is buggy too.
> >
>
> This is probably something to do with the renegotiation fix. With
> -legacy_renogotiation and -no_ticket it does work.
Ah, yes, that's clear now.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
