due to operational reasons (needing a real web server) The server side for testing is now on https://nginxtest.openquery.com:4433
I tested the openssl client again just compiled from cvs and it still tls alerts and aborts connection: apps/openssl s_client -connect nginxtest.openquery.com:4433 -sess_out /tmp/ss.test; sleep 15; apps/openssl s_client -connect nginxtest.openquery.com:4433 -sess_in /tmp/ss.test -msg ... TLS session ticket: 0000 - eb 29 61 98 4b 77 6a f5-2b c2 85 c7 35 f3 a6 2f .)a.Kwj.+...5../ 0010 - 81 0b d0 26 8b c2 9f fa-12 f5 6a 3c e4 20 43 b3 ...&......j<. C. 0020 - 3b 98 3f 55 ac f3 a3 d5-f3 b5 69 98 56 03 e1 bf ;.?U......i.V... 0030 - b7 28 f1 ae d1 6a 07 c5-59 a7 15 55 c4 37 87 3e .(...j..Y..U.7.> 0040 - bf 88 ec 64 ee 01 64 69-41 78 81 5f ce 4d 3d 4e ...d..diAx._.M=N 0050 - 3a 0b 14 e9 58 05 10 f3-84 a5 76 e4 5f 91 d8 7b :...X.....v._..{ 0060 - 15 51 b0 02 84 4e ef 1c-7d 65 ee 42 03 c1 95 a0 .Q...N..}e.B.... 0070 - ff d8 01 74 c2 a2 f4 bf-c9 67 32 cc 21 8f 42 50 ...t.....g2.!.BP 0080 - c1 1e 64 f0 2c f9 92 be-62 15 aa 7c d2 4d 51 91 ..d.,...b..|.MQ. 0090 - 5c 9e 05 3e 29 02 1b 27-db 26 4f e6 3a c3 9c 45 \..>)..'.&O.:..E ... (user input ctrl-D) DONE .. CONNECTED(00000003) ..... >>> TLS 1.2 Handshake [length 022c], ClientHello <<< TLS 1.2 Handshake [length 005a], ServerHello ... <<< TLS 1.2 Handshake [length 00aa]??? ... <<< TLS 1.2 ChangeCipherSpec [length 0001] .. <<< TLS 1.2 Handshake [length 0010], Finished .. >>> TLS 1.2 ChangeCipherSpec [length 0001] .. >>> TLS 1.2 Handshake [length 0010], Finished .... ... SSL-Session: Protocol : TLSv1.2 Cipher : ECDHE-RSA-AES256-GCM-SHA384 Session-ID: 05931AFAEC252E1E37F8B92F6D4D012E565AF509941151022F3A9284C96F1680 Session-ID-ctx: Master-Key: 039B95D421F4C3589B93708CB77AABA61547125400CBC52CD4047242BE2373B78E8FA205A639178184283B4F0E9B7F83 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket: 0000 - 96 21 91 8a 62 55 f9 dc-99 2a ac 2f 94 82 36 93 .!..bU...*./..6. 0010 - 94 22 bc fe a6 77 fa f2-2b a5 25 a8 36 02 fd e8 ."...w..+.%.6... 0020 - 35 fb 66 55 ee 68 33 6f-59 e2 58 c4 80 5c a8 b5 5.fU.h3oY.X..\.. 0030 - 63 cd e8 e9 37 db 7a bf-ce 55 0f 85 4a f1 e9 e9 c...7.z..U..J... 0040 - 0d 89 78 bf 20 a4 ac 6e-a9 58 e8 69 44 63 91 c0 ..x. ..n.X.iDc.. 0050 - 0c 08 54 94 33 13 3a 6a-6b 92 67 a8 9e bf 48 03 ..T.3.:jk.g...H. 0060 - 35 27 69 82 2d dc 92 8a-54 d2 19 61 27 45 6d 10 5'i.-...T..a'Em. 0070 - 91 c3 e5 82 53 7d fd 11-95 e6 5f 08 9a 6d 07 93 ....S}...._..m.. 0080 - 91 76 94 91 4f 39 85 83-9d 0a 4d 31 f9 8f 37 a9 .v..O9....M1..7. 0090 - 32 83 1f 3e b6 7b a4 d7-cc 8d c3 45 de b2 1d 71 2..>.{.....E...q ... --- read:errno=0 >>> TLS 1.2 Alert [length 0002], warning close_notify 01 00 with tls1.0 I get the following >>> TLS 1.0 Alert [length 0002], fatal unexpected_message 02 0a 139777944635232:error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message:s3_both.c:460: -- Daniel Black ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org