Sorry Tim - Missed the header - DOH! The Net::SSLeay module supports the
OP_NO_TLSv1 op, but you have to do it one of two ways. The first way is to
use the low leve interface. You would replace the &OP_ALL in the options
call with &OP_NO_TLSv1. The other way is a bit more dangerous - mostly
because this will disable it for ALL of your connections, and you have to
make sure that you document it in case you update the module. You will need
to edit the SSLeay.pm and change the &OP_ALL to &OP_NO_TLSv1 in the
https_cat sub. I hope this helps.
-Peter
Tim Behrendsen wrote:
> The web server appears to be ">Stronghold/2.2 Apache/1.2.5 C2NetUS/2002",
> according to the return header. The Perl module is Net_SSLeay.
>
> Tim
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Peter Bowen
> Sent: Thursday, December 09, 1999 8:55 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Problem with retrieving Ameritrade https page
>
> Tim - read between the lines ;).... See Below....
>
> Dennis Glatting wrote:
> >
> > > Tim Behrendsen wrote:
> > >
> > > RedHat Linux 6.1
> > > OpenSSL version 0.9.4
> > > Perl version: 5.005_03
> > > SSLeay version: 1.04
> > >
> > > This originally failed under Perl, but it gives the same error by
> > > running 'openssl' directly (I give you the other versions for
> > > drill...)
> > >
> > > Here's the command:
> > >
> > > echo 'GET /cgi-bin/login.cgi' | /usr/local/ssl/bin/openssl s_client
> > > -connect wwws.ameritrade.com:443
> > > CONNECTED(00000003)
> > > 1042:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> > > failure:s23_lib.c:203:
> > >
> > > Note the "wwws".
> > >
> > > Any help would be appreciated. Thanks!
> > >
> > > Tim Behrendsen
> >
> > www.badecommerce.com, which uses OpenSSL 0.9.4, says:
> >
> > Date: Wed Dec 8 16:56:32 1999
> >
> > Site: wwws.ameritrade.com
> > Port: 443
> >
> > Resolves to:
> >
> > FQDN: 'wwws.ameritrade.com'
> > Address: '198.200.171.101'
> >
> > 198.200.171.101:
> > TCP connected (trying TLS)
> > connected as 'TLSv1'
> >
>
> !!!*** Here we are - The site doesn't support TLSv1 - Maybe a Sun Java
> Web Server? Which perl module are you using?
>
> -Peter
>
> > *** remote site closed connection ***
> >
> > TCP connected (trying SSLv3)
> > connected as 'SSLv3'
> >
> > Protection suite:
> >
> > Identifier: EDH-RSA-DES-CBC3-SHA
> > Authentication: RSA
> > Key exchange: DH
> > Encryption: 3DES(168)
> > MAC: SHA1
> > *** SAFE ***
> >
> > Site certificate:
> >
> > Subject: C=US, ST=Nebraska, L=Omaha, O=Ameritrade Holding, OU=AIS,
> > CN=wwws.ameritrade.com
> > Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server
> > Certification Authority
> > Validity
> > Not Before: Jul 15 00:00:00 1999 GMT
> > Not After : Jul 30 23:59:59 2000 GMT
> > *** Certificate verified ***
> >
> > TCP connected (trying SSLv2)
> > connected as 'SSLv2'
> >
> > Protection suite:
> >
> > Identifier: DES-CBC3-MD5
> > Authentication: RSA
> > Key exchange: RSA
> > Encryption: 3DES(168)
> > MAC: MD5
> > *** SAFE ***
> >
> > Site certificate:
> >
> > Subject: C=US, ST=Nebraska, L=Omaha, O=Ameritrade Holding, OU=AIS,
> > CN=wwws.ameritrade.com
> > Issuer: C=US, O=RSA Data Security, Inc., OU=Secure Server
> > Certification Authority
> > Validity
> > Not Before: Jul 15 00:00:00 1999 GMT
> > Not After : Jul 30 23:59:59 2000 GMT
> > *** Certificate verified ***
>
> --
> Peter Bowen
> Unix System Programmer
> Excite@Home e-Business Services Group
> [EMAIL PROTECTED]
> (801)226-5007
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
