due to operational reasons (needing a real web server) The server side for
testing is now on https://nginxtest.openquery.com:4433
I tested the openssl client again just compiled from cvs and it still tls
alerts and aborts connection:
apps/openssl s_client -connect nginxtest.openquery.com:4433 -sess_out
/tmp/ss.test; sleep 15; apps/openssl s_client -connect
nginxtest.openquery.com:4433 -sess_in /tmp/ss.test -msg
...
TLS session ticket:
0000 - eb 29 61 98 4b 77 6a f5-2b c2 85 c7 35 f3 a6 2f .)a.Kwj.+...5../
0010 - 81 0b d0 26 8b c2 9f fa-12 f5 6a 3c e4 20 43 b3 ...&......j<. C.
0020 - 3b 98 3f 55 ac f3 a3 d5-f3 b5 69 98 56 03 e1 bf ;.?U......i.V...
0030 - b7 28 f1 ae d1 6a 07 c5-59 a7 15 55 c4 37 87 3e .(...j..Y..U.7.>
0040 - bf 88 ec 64 ee 01 64 69-41 78 81 5f ce 4d 3d 4e ...d..diAx._.M=N
0050 - 3a 0b 14 e9 58 05 10 f3-84 a5 76 e4 5f 91 d8 7b :...X.....v._..{
0060 - 15 51 b0 02 84 4e ef 1c-7d 65 ee 42 03 c1 95 a0 .Q...N..}e.B....
0070 - ff d8 01 74 c2 a2 f4 bf-c9 67 32 cc 21 8f 42 50 ...t.....g2.!.BP
0080 - c1 1e 64 f0 2c f9 92 be-62 15 aa 7c d2 4d 51 91 ..d.,...b..|.MQ.
0090 - 5c 9e 05 3e 29 02 1b 27-db 26 4f e6 3a c3 9c 45 \..>)..'.&O.:..E
...
(user input ctrl-D)
DONE
..
CONNECTED(00000003)
.....
>>> TLS 1.2 Handshake [length 022c], ClientHello
<<< TLS 1.2 Handshake [length 005a], ServerHello
...
<<< TLS 1.2 Handshake [length 00aa]???
...
<<< TLS 1.2 ChangeCipherSpec [length 0001]
..
<<< TLS 1.2 Handshake [length 0010], Finished
..
>>> TLS 1.2 ChangeCipherSpec [length 0001]
..
>>> TLS 1.2 Handshake [length 0010], Finished
....
...
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 05931AFAEC252E1E37F8B92F6D4D012E565AF509941151022F3A9284C96F1680
Session-ID-ctx:
Master-Key:
039B95D421F4C3589B93708CB77AABA61547125400CBC52CD4047242BE2373B78E8FA205A639178184283B4F0E9B7F83
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
0000 - 96 21 91 8a 62 55 f9 dc-99 2a ac 2f 94 82 36 93 .!..bU...*./..6.
0010 - 94 22 bc fe a6 77 fa f2-2b a5 25 a8 36 02 fd e8 ."...w..+.%.6...
0020 - 35 fb 66 55 ee 68 33 6f-59 e2 58 c4 80 5c a8 b5 5.fU.h3oY.X..\..
0030 - 63 cd e8 e9 37 db 7a bf-ce 55 0f 85 4a f1 e9 e9 c...7.z..U..J...
0040 - 0d 89 78 bf 20 a4 ac 6e-a9 58 e8 69 44 63 91 c0 ..x. ..n.X.iDc..
0050 - 0c 08 54 94 33 13 3a 6a-6b 92 67 a8 9e bf 48 03 ..T.3.:jk.g...H.
0060 - 35 27 69 82 2d dc 92 8a-54 d2 19 61 27 45 6d 10 5'i.-...T..a'Em.
0070 - 91 c3 e5 82 53 7d fd 11-95 e6 5f 08 9a 6d 07 93 ....S}...._..m..
0080 - 91 76 94 91 4f 39 85 83-9d 0a 4d 31 f9 8f 37 a9 .v..O9....M1..7.
0090 - 32 83 1f 3e b6 7b a4 d7-cc 8d c3 45 de b2 1d 71 2..>.{.....E...q
...
---
read:errno=0
>>> TLS 1.2 Alert [length 0002], warning close_notify
01 00
with tls1.0 I get the following
>>> TLS 1.0 Alert [length 0002], fatal unexpected_message
02 0a
139777944635232:error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected
message:s3_both.c:460:
--
Daniel Black
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
