Re: Handshake failure when doing a client SSL_write.

Tue, 28 Mar 2000 13:13:25 -0800 

From: "Rodger Williams" <[EMAIL PROTECTED]>
Subject: Handshake failure when doing a client SSL_write.
Date: Tue, 28 Mar 2000 11:17:23 -0800
Message-ID: <s8e094cf.015@cirrus>

RWilliams> Hi, I have developed a Linux-based proxy server that successfully transfers 
data between a client and an API server.  I am trying to layer OpenSSL onto the client 
and proxy server, using s_client & s_server as examples.  I am receiving from the 
client  the error: ...routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:
RWilliams> Simplifying my code and viewing s23_lib.c does not help.  What am I doing 
wrong?  A condensed listing of my code follows.  Thank-you for taking the time to help 
me!
RWilliams> 
[...]
RWilliams> SSL_CTX_set_cipher_list(ctx, "SSL_CIPHER");

I would remove that line.  As far as I know, there's no cipher called
"SSL_CIPHER".  However, it's been a bit standard to use the
environmetn with that name if available, and since
SSL_CTX_set_cipher_list() does nothing with a NULL, the following
would be pretty safe:

        SSL_CTX_set_cipher_list(ctx, getenv("SSL_CIPHER"));

The other mistake is that you don't check the return value.  If it
returns 0, something was wrong with the list.

Personally, I'd take that call away completely.  The default is
usually good enough :-)..

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis             -- [EMAIL PROTECTED]
           Member of the OpenSSL development team

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to