Louis LeBlanc wrote:
>
> Dr S N Henson wrote:
> >
> > What command did you use to produce that message? Were you attempting to
> > connect to a remote server, if its is on the internet its address would
> > help.
> >
> > There are several possible causes of that message such as as connecting
> > to a server with a broken SSL/TLS implementation.
> >
> > Steve.
>
> I have seen this error on occasion when trying to connect to an Apache
> server with ModSSL. Since it uses OpenSSL, I would tend to give it the
> benefit of the doubt in terms of wether it is broken or not.
>
> I do not see this error all the time, one out of every couple thousand
> connections, maybe a little more when there is a lot of other traffic on
> the test network. Though I can't be sure at this point, I suspect it
> happens in the connect attempt.
>
> When it does show up, I always see a similar message in the Apache log.
>
> Any ideas there?
>
Tricky. It could be the client sending garbage or not politely closing
the connection, a server problem or some obscure race condition in
either client or server.
If I *really* wanted to trace the cause then I'd start by printing out
the expected and received MACs on each side (if possible on client) and
then independently verifying them with some sniffer [can ssldump check
MACs?].
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
