On Wed, Jun 16, 1999 at 01:07:18AM +0200, Bodo Moeller wrote:
> "James H. Cloos Jr." <[EMAIL PROTECTED]>:

>> Using lynx-ssl linked against 0.9.3 I find there are many sites (none
>> using ssleay or openssl, incidentally) I cannot connect to.  s_client
>> to those sites (again w/ 0.9.3) shows errors such as:
>>  28770:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:203:
>> from www.e-gold.com and:
>>  28808:error:1407D071:SSL routines:SSL2_READ:bad mac decode:s2_pkt.c:213:
>> from banking.wellsfargo.com.

>> Lynx-ssl (currently) calls SSL_CTX_new(SSLv23_client_method()) and has
>> no option to choose SSLv2_client_method or SSLv3_client_method
>> instead.

> But (at least in the version that I am using) it reconnects without
> TLS support (SSL_OP_NO_TLSv1) if the first connection attempt failed.
[...]

Connecting to www.e-gold.com works for me with the -no_tls1 option
(you get an SSLv3 connection with the ciphersuite that OpenSSL calls
RC4-MD5), so the Lynx-SSL reconnecting strategy should work just as
well.  Without that option, the server (Microsoft-IIS/4.0) does not
answer the client's requests and just closes the connection
immediately.  This is obviously a server bug; why the Lynx-SSL
reconnection did not work for you I cannot tell.

With banking.wellsfargo.com, there is a nearly complete handshake when
s_client is started without options (other than -state -debug -connect
...:443), and with -no_tls1 it still fails; with -ssl2 it works
(SSLv2, DES-CBC3-MD5, ancient Netscape-Commerce/1.12 server).  This
too appears to be a server bug.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
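
For triaging error lines like the two quoted in this thread, here is an added example (not part of the original message and not OpenSSL code): it splits each line into its fields and decodes the 8-digit hex code into library, function and reason numbers, assuming the pre-3.0 OpenSSL packing of 8/12/12 bits. The names `unpack`, `parse_line` and `triage` are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Layout of the error-queue lines quoted in this thread:
#   pid:error:HEXCODE:library:function:reason text:file:line:
LINE_RE = re.compile(
    r"^\s*(?P<pid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)

class SslError(NamedTuple):
    pid: int
    lib: int          # library number (top 8 bits)
    func: int         # function number (middle 12 bits)
    reason: int       # reason number (low 12 bits)
    func_name: str
    reason_text: str
    source: str       # file:line that raised the error

def unpack(code: int) -> tuple:
    """Split a packed error code; assumes the pre-3.0 8/12/12-bit layout."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def parse_line(text: str) -> Optional[SslError]:
    """Return the decoded error, or None for lines that are not error-queue output."""
    m = LINE_RE.match(text)
    if m is None:
        return None
    lib, func, reason = unpack(int(m["code"], 16))
    return SslError(int(m["pid"]), lib, func, reason,
                    m["func"], m["reason"], f'{m["file"]}:{m["line"]}')

def triage(output_by_host: dict) -> dict:
    """Map each host to the first error found in its captured s_client output."""
    result = {}
    for host, output in output_by_host.items():
        errors = [e for e in map(parse_line, output.splitlines()) if e]
        result[host] = errors[0] if errors else None
    return result

# Error lines copied from the message above; the CONNECTED line is constructed.
SAMPLES = {
    "www.e-gold.com": "CONNECTED(00000003)\n 28770:error:140790E5:SSL routines:"
                      "SSL23_WRITE:ssl handshake failure:s23_lib.c:203:",
    "banking.wellsfargo.com": " 28808:error:1407D071:SSL routines:SSL2_READ:"
                              "bad mac decode:s2_pkt.c:213:",
}

if __name__ == "__main__":
    for host, err in triage(SAMPLES).items():
        print(host, err)
```

Both codes decode to library 20; the function field separates the failure in the version-flexible client write path (SSL23_WRITE) from the one in SSLv2 record reading (SSL2_READ).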