Netscape 4.5 and openssl

Levy itai Mon, 14 Aug 2000 01:13:39 -0700

Hi,

I have a problem connecting with a Netscape 4.5 browser to an Openssl server
using ssl v.23.

I get the following error on the browser: "Netscape has encountered bad data
from the server".

When I run the s_server from apps in the following way: openssl s_server
-cert webcert.pem -debug -key webkey.pem -accept 443 -www
in order to debug the problem, I get the same symptoms and the same error on
the browser.

Is there a known bug using Netscape version 4.5 ?

If I enable only SSL 2 on the browser then everything works fine.

Following the output debug information I get:

Using default temp DH parameters
ACCEPT
read from 00CFCA00 [010E9A58] (11 bytes => 11 (0xB))
0000 - 80 25 01 03 00 00 0c 00-00 00 10                  .%.........
read from 00CFCA00 [010E9A63] (28 bytes => 28 (0x1C))
0000 - 02 00 80 04 00 80 00 00-03 00 00 06 7f a2 d0 52   ...............R
0010 - c9 2b 86 2c 5b a1 00 e9-93 cc 65                  .+.,[.....e
001c - <SPACES/NULS>
before ssl3_get_client_hello() 
after ssl3_get_client_hello() success 
before ssl3_send_server_hello() 
after ssl3_send_server_hello() success 
write to 00CFCA00 [00CD61F0] (79 bytes => 79 (0x4F))
0000 - 16 03 00 00 4a 02 00 00-46 03 00 39 97 d1 e4 cd   ....J...F..9....
0010 - f4 57 d3 60 25 50 1c 74-64 7b e4 fe 86 cd 22 34   .W.`%P.td{...."4
0020 - 4a 79 fd 1b 02 9b 07 40-da 76 84 20 c2 db 76 97   Jy.....@.v. ..v.
0030 - ba c3 07 05 88 cb 84 6d-8f 72 f0 4b dd b5 2f f2   .......m.r.K../.
0040 - f1 f9 09 95 96 4c 84 e4-2a 42 9b f8 00 03         .....L..*B....
004f - <SPACES/NULS>
before ssl3_send_server_certificate() 
before ssl3_send_server_certificate() success 
write to 00CFCA00 [00CD61F0] (769 bytes => 769 (0x301))
0000 - 16 03 00 02 fc 0b 00 02-f8 00 02 f5 00 02 f2 30   ...............0
0010 - 82 02 ee 30 82 02 57 a0-03 02 01 02 02 03 01 32   ...0..W........2
0020 - 8a 30 0d 06 09 2a 86 48-86 f7 0d 01 01 04 05 00   .0...*.H........
0030 - 30 81 c4 31 0b 30 09 06-03 55 04 06 13 02 5a 41   0..1.0...U....ZA
0040 - 31 15 30 13 06 03 55 04-08 13 0c 57 65 73 74 65   1.0...U....Weste
0050 - 72 6e 20 43 61 70 65 31-12 30 10 06 03 55 04 07   rn Cape1.0...U..
0060 - 13 09 43 61 70 65 20 54-6f 77 6e 31 1d 30 1b 06   ..Cape Town1.0..
0070 - 03 55 04 0a 13 14 54 68-61 77 74 65 20 43 6f 6e   .U....Thawte Con
0080 - 73 75 6c 74 69 6e 67 20-63 63 31 28 30 26 06 03   sulting cc1(0&..
0090 - 55 04 0b 13 1f 43 65 72-74 69 66 69 63 61 74 69   U....Certificati
00a0 - 6f 6e 20 53 65 72 76 69-63 65 73 20 44 69 76 69   on Services Divi
00b0 - 73 69 6f 6e 31 19 30 17-06 03 55 04 03 13 10 54   sion1.0...U....T
00c0 - 68 61 77 74 65 20 53 65-72 76 65 72 20 43 41 31   hawte Server CA1
00d0 - 26 30 24 06 09 2a 86 48-86 f7 0d 01 09 01 16 17   &0$..*.H........
00e0 - 73 65 72 76 65 72 2d 63-65 72 74 73 40 74 68 61   server-certs@tha
00f0 - 77 74 65 2e 63 6f 6d 30-1e 17 0d 30 30 30 37 31   wte.com0...00071
0100 - 39 31 32 31 35 35 31 5a-17 0d 30 31 30 38 30 32   9121551Z..010802
0110 - 31 32 31 35 35 31 5a 30-81 80 31 0b 30 09 06 03   121551Z0..1.0...
0120 - 55 04 06 13 02 49 4c 31-0f 30 0d 06 03 55 04 08   U....IL1.0...U..
0130 - 13 06 49 73 72 61 65 6c-31 14 30 12 06 03 55 04   ..Israel1.0...U.
0140 - 07 13 0b 50 65 74 61 68-20 54 69 6b 76 61 31 1e   ...Petah Tikva1.
0150 - 30 1c 06 03 55 04 0a 13-15 41 6c 67 6f 72 69 74   0...U....Algorit
0160 - 68 6d 69 63 20 52 65 73-65 61 72 63 68 20 31 14   hmic Research 1.
0170 - 30 12 06 03 55 04 0b 13-0b 50 72 69 76 61 74 65   0...U....Private
0180 - 57 69 72 65 31 14 30 12-06 03 55 04 03 13 0b 77   Wire1.0...U....w
0190 - 65 62 2e 61 72 78 2e 63-6f 6d 30 81 9f 30 0d 06   eb.arx.com0..0..
01a0 - 09 2a 86 48 86 f7 0d 01-01 01 05 00 03 81 8d 00   .*.H............
01b0 - 30 81 89 02 81 81 00 e7-bb 50 55 cf d6 10 28 4a   0........PU...(J
01c0 - 90 ed 30 34 2d ce e9 bc-2f 5e be 43 73 6f 1b 1c   ..04-.../^.Cso..
01d0 - 91 98 dc 9c b2 fe 3f 63-1a 5a c7 da 19 92 bc 85   ......?c.Z......
01e0 - ec c7 ee a2 d9 85 7d bd-ff d8 f1 7f f6 5a 70 7e   ......}......Zp~
01f0 - 95 73 b3 36 1d 64 ca 92-71 dd 83 eb 50 16 a2 8f   .s.6.d..q...P...
0200 - 7f 4d 13 3d fd b5 8f 14-1e d3 77 3c a7 f9 c7 94   .M.=......w<....
0210 - ac 08 b7 42 f3 58 34 e6-fa a6 4a 41 33 1f a2 8a   ...B.X4...JA3...
0220 - d7 27 89 4b c0 59 d5 5c-ac 4a a8 ad fc 72 c0 23   .'.K.Y.\.J...r.#
0230 - 79 2d 45 ec 00 53 e7 02-03 01 00 01 a3 30 30 2e   y-E..S.......00.
0240 - 30 1e 06 03 55 1d 25 04-17 30 15 06 08 2b 06 01   0...U.%..0...+..
0250 - 05 05 07 03 01 06 09 60-86 48 01 86 f8 42 04 01   .......`.H...B..
0260 - 30 0c 06 03 55 1d 13 01-01 ff 04 02 30 00 30 0d   0...U.......0.0.
0270 - 06 09 2a 86 48 86 f7 0d-01 01 04 05 00 03 81 81   ..*.H...........
0280 - 00 bc 4a 9d 31 26 fb 82-9d 13 26 b2 03 21 a8 f0   ..J.1&....&..!..
0290 - 77 f1 bc 0a 73 41 f2 95-80 44 e5 14 36 47 ab 0b   w...sA...D..6G..
02a0 - 32 57 b2 fb 36 e0 69 7a-72 01 c3 a2 e1 75 56 39   2W..6.izr....uV9
02b0 - 07 a3 36 ce 68 60 27 f7-1c dd d4 6f e5 c9 18 5b   ..6.h`'....o...[
02c0 - 23 7d 05 d1 cf 37 57 b0-27 6e 0a 4d 95 6d ea 46   #}...7W.'n.M.m.F
02d0 - c7 19 a4 7a 42 a9 bb 8f-d2 28 9c 4a eb f3 23 c1   ...zB....(.J..#.
02e0 - 26 32 12 f7 ef f1 f9 28-58 c2 19 2a f2 d4 62 19   &2.....(X..*..b.
02f0 - c9 74 14 17 be 8c df 8a-61 0f 60 15 34 d1 d5 67   .t......a.`.4..g
0300 - e3                                                .
before ssl3_send_server_done() 
after ssl3_send_server_done() success 
write to 00CFCA00 [00CD61F0] (9 bytes => 9 (0x9))
0000 - 16 03 00 00 04 0e                                 ......
0009 - <SPACES/NULS>
before ssl3_check_client_hello() 
read from 00CFCA00 [010E9A58] (5 bytes => 5 (0x5))
0000 - 15 03 00 00 02                                    .....
read from 00CFCA00 [010E9A5D] (2 bytes => 2 (0x2))
0000 - 01                                                .
0002 - <SPACES/NULS>
 ERROR !!! 
131:error:140780E5:SSL routines:SSL23_READ:ssl handshake
failure:.\ssl\s23_lib.c
:186:
ACCEPT
   0 items in the session cache
   0 client connects (SSL_connect())
   0 client renegotiates (SSL_connect())
   0 client connects that finished
   1 server accepts (SSL_accept())
   0 server renegotiates (SSL_accept())
   0 server accepts that finished
   0 session cache hits
   0 session cache misses
   0 session cache timeouts
   0 callback cache hits
   0 cache full overflows (128 allowed)


Please help !!!

Itai Levy,
Software Developer R&D
Algorithmic Research Ltd. ( Data Security Across the Enterprise )
10 Nevatim st., Kiryat Matalon
Petah Tikva 49561
Israel

Tel: +972-3-9279514
e-mail:[EMAIL PROTECTED]
http://www.arx.com


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
Netscape 4.5 and openssl

Reply via email to
