On Mon, 2009-11-16 at 01:28 +0100, Stephen Henson via RT wrote: 
> > [tm...@redhat.com - Sun Nov 15 23:29:28 2009]:
> > 
> > See also https://bugzilla.redhat.com/show_bug.cgi?id=533234
> > 
> > openssl s_client -connect phantom.dragonsdawn.net:5223
> > 
> > fails to get server hello message from the server. It's apparent that
> > the server is somehow broken but
> > gnutls-cli --protocols TLS1.0 --port 5223 dragonsdawn.net
> > gives a very similar client hello and it receives server hello fine. 
> > 
> > The only way to get an established ssl handshake with openssl s_client is to use
> > the -ssl3 option. In some cases such as:
> > openssl s_client -tls1 -no_ticket -connect phantom.dragonsdawn.net:5223
> > server hello is returned (with a certificate) but the openssl s_client
> > for some reason does not recognize the certificate. This is suspicious
> > and it might mean the openssl implementation is buggy too.
> > 
> 
> This is probably something to do with the renegotiation fix. With
> -legacy_renegotiation and -no_ticket it does work.

Ah, yes, that's clear now.

-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
