> When I’m trying to run > > openssl s_client -connect courtapps.utcourts.gov:443 > > I constantly get an error: > > CONNECTED(00000003) > depth=3 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary > Certification Authority > verify error:num=19:self signed certificate in certificate chain > verify return:0 > 139877576062624:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed > or bad record mac:s3_pkt.c:484: > > The same thing for some other hosts, for example myrta.com:443 > The most of others work well. > > Disabling AES-NI doesn’t help. I tried > export OPENSSL_ia32cap=~0x200000200000000 > > before running the commend above. > > My host runs: > Ubuntu 12.04.4 > OpenSLL 1.0.1f built from the sources > > The same issue I had with ubuntu binary distribution of openssl 1.0.1
I can't reproduce the problem. As was pointed out in post to openssl-dev it was possible to work around it by adding -no_tls1_1. Now it negotiates SSLv3, so I suppose it effectively means that it is in fact problem with their server. I mean the fact the -no_tls1_1 reportedly helped indicates that they were negotiating TLS1.x, and the fact that now we end up with SSLv3 means they no longer do that. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
