On 02/02/2014 09:55 AM, Maksym Polshcha via RT wrote:
> When I’m trying to run
>
> openssl s_client -connect courtapps.utcourts.gov:443
>
> I constantly get an error:
>
> CONNECTED(00000003)
> depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary
> Certification Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> 139877576062624:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed
> or bad record mac:s3_pkt.c:484:

I get the same response on this server, but I can make it go away if I
add the -no_tls1_1 flag for s_client.

I suspect this is a buggy server that is TLS 1.1 intolerant.

According to the HTTP headers it offers, it is running:

HTTP/1.1 200 OK
Via: HTTP/1.1 edge2.utcourts.gov (IBM-PROXY-WTE)
Date: Sun, 02 Feb 2014 12:52:45 GMT
Server: IBM_HTTP_Server/6.1.0.29 Apache/2.0.47 (Unix)

Apache 2.0.47 is quite old. I don't know what TLS implementation is
bundled with IBM_HTTP_Server/6.1.0.29, though.
--dkg
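
The check described in the reply above (re-running s_client with a protocol version disabled) can be scripted to narrow down which versions a server mishandles. This is an added example, not part of the original mail; the function names are hypothetical, and it assumes the local openssl build accepts -no_tls1_2 alongside the -no_tls1_1 flag mentioned above.

```shell
#!/bin/sh
# Added example (not from the original mail). Helper names are hypothetical.

# Failure line from the quoted report above, with the mail line-wrap removed.
SAMPLE_FAILURE='CONNECTED(00000003)
139877576062624:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:'

# Constructed sample of the summary line s_client prints after a handshake.
SAMPLE_OK='CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is AES256-SHA'

# Read s_client output on stdin and print a one-word verdict.
# "verify error:num=19" is deliberately not treated as a failure: it is a
# chain-validation notice, not a handshake error.
classify_s_client() {
  out=$(cat)
  case "$out" in
    *"bad record mac"*)   echo bad_record_mac ;;
    *":error:"*)          echo other_error ;;
    *"Cipher is (NONE)"*) echo no_cipher ;;
    *"Cipher is "*)       echo ok ;;
    *)                    echo unknown ;;
  esac
}

# Re-run the handshake with different protocol versions disabled and print
# one verdict per attempt. Usage: probe_versions host:port
probe_versions() {
  target=$1
  for flags in "" "-no_tls1_2" "-no_tls1_1" "-no_tls1_1 -no_tls1_2"; do
    # $flags is intentionally unquoted so two flags become two arguments.
    verdict=$(openssl s_client -connect "$target" $flags </dev/null 2>&1 |
              classify_s_client)
    printf '%-24s %s\n' "${flags:-(default)}" "$verdict"
  done
}
```

A server that returns bad_record_mac by default but ok once a version is disabled matches the version-intolerance pattern suspected in the reply.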
