On Mon, 2009-11-16 at 01:28 +0100, Stephen Henson via RT wrote:
> > [tm...@redhat.com - Sun Nov 15 23:29:28 2009]:
> >
> > See also https://bugzilla.redhat.com/show_bug.cgi?id=533234
> >
> > openssl s_client -connect phantom.dragonsdawn.net:5223
> >
> > fails to get server hello message from the server. It's apparent that
> > the server is somehow broken but
> > gnutls-cli --protocols TLS1.0 --port 5223 dragonsdawn.net
> > gives a very similar client hello and it receives server hello fine.
> >
> > The only way to get established ssl handshake openssl s_client is to use
> > the -ssl3 option. In some cases such as:
> > openssl s_client -tls1 -no_ticket -connect phantom.dragonsdawn.net:5223
> > server hello is returned (with a certificate) but the openssl s_client
> > for some reason does not recognize the certificate. This is suspicious
> > and it might mean the openssl implementation is buggy too.
> >
>
> This is probably something to do with the renegotiation fix. With
> -legacy_renegotiation and -no_ticket it does work.

Ah, yes, that's clear now.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org