On 04/21/2014 12:04 PM, Nayna Jain wrote:
Thanks for the quick response.

I think sometimes it reaches the state of the certificate handshake... not
sure about every time, as it appears randomly.

Was just wondering, is it not possible to make it a bit more meaningful? I mean,
it is shown randomly for different reasons. And many times the first
reason that comes up is that it is a mismatch issue between the server and client SSL
connection, either protocol or certificates or the like.

Thanks & Regards,
Nayna Jain

From:   Brad House <[email protected]>
To:     [email protected],
Date:   04/21/2014 04:48 PM
Subject:        Re: SSL negotiation failed: error:00000000:lib(0):func
             (0):reason(0)
Sent by:        [email protected]



On 4/21/14 5:20 AM, Nayna Jain wrote:
I have seen this error many times for different reasons. I am not able to
make meaning out of this error.

SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

It means no SSL error occurred.  Typically you'll see this in a server
environment when a client initiates a connection to the server, but
then immediately disconnects, or sends data other than beginning
SSL negotiation.


If I'm not mistaken, the client should be sending a TLS alert code to the
server if they are choosing to disconnect due to a certificate error.
OpenSSL will then return the alert code received in that error message
rather than a reason code of 0.  So it sort of makes sense that OpenSSL
wouldn't return an SSL error because the client simply disconnected,
so there wasn't technically an error other than the fact that the
client disconnected without sending an alert as to why.

Some info here on various alerts:
http://en.wikipedia.org/wiki/Transport_Layer_Security#Alert_protocol

I do agree, though, that it would be helpful to have a few additional
error codes to help indicate these sorts of circumstances. It would aid
in debugging issues in the field for why SSL negotiation might have
failed, since you may not have control over the client side to determine
such failures.

-Brad


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
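
An added example, not part of the original thread and not OpenSSL code: a hypothetical C helper, `classify_accept_failure`, that turns the values a server holds after a failed `SSL_accept()` into a log message, so the empty-error-queue case described above is reported as a peer disconnect instead of the all-zero error string. It assumes the `SSL_get_error()` semantics documented for OpenSSL 1.0.x; the `hs_cause` enum and the message texts are made up here.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* SSL_get_error() result codes as defined in <openssl/ssl.h>; repeated here
 * only so this added example compiles without the OpenSSL headers. */
#ifndef SSL_ERROR_SSL
#define SSL_ERROR_SSL         1
#define SSL_ERROR_WANT_READ   2
#define SSL_ERROR_WANT_WRITE  3
#define SSL_ERROR_SYSCALL     5
#define SSL_ERROR_ZERO_RETURN 6
#endif

enum hs_cause { HS_RETRY, HS_TLS_ERROR, HS_PEER_EOF, HS_IO_ERROR, HS_CLOSED, HS_UNKNOWN };

/* Hypothetical helper. The caller collects its inputs right after SSL_accept():
 *   ret       = SSL_accept(ssl)
 *   ssl_err   = SSL_get_error(ssl, ret)
 *   queue_err = ERR_peek_error()   (0 means the error queue is empty)
 *   sys_errno = errno */
enum hs_cause classify_accept_failure(int ret, int ssl_err, unsigned long queue_err,
                                      int sys_errno, char *msg, size_t len)
{
    if (ssl_err == SSL_ERROR_SYSCALL && queue_err == 0) {
        if (ret == 0) {  /* EOF with nothing queued: the all-zero error string */
            snprintf(msg, len, "peer disconnected during handshake without sending an alert");
            return HS_PEER_EOF;
        }
        /* ret == -1: the socket itself failed, so errno is the useful detail */
        snprintf(msg, len, "socket error during handshake: %s", strerror(sys_errno));
        return HS_IO_ERROR;
    }
    switch (ssl_err) {
    case SSL_ERROR_WANT_READ:
    case SSL_ERROR_WANT_WRITE:
        snprintf(msg, len, "handshake incomplete; retry when the socket is ready");
        return HS_RETRY;
    case SSL_ERROR_ZERO_RETURN:
        snprintf(msg, len, "peer closed the TLS session with close_notify");
        return HS_CLOSED;
    case SSL_ERROR_SYSCALL:  /* queue not empty */
    case SSL_ERROR_SSL:      /* protocol failure, including an alert received from the peer */
        /* Only in this branch is ERR_error_string_n(queue_err, ...) worth logging. */
        snprintf(msg, len, "TLS failure, error queue code 0x%08lx", queue_err);
        return HS_TLS_ERROR;
    default:
        snprintf(msg, len, "unexpected SSL_get_error() result %d", ssl_err);
        return HS_UNKNOWN;
    }
}
```

OpenSSL 3.0 and later report an unexpected EOF as `SSL_ERROR_SSL` with reason `SSL_R_UNEXPECTED_EOF_WHILE_READING`, so on those versions the `SSL_ERROR_SSL` branch covers the disconnect case.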