Thanks. I eventually reduced the problem to s_server running against a
stripped-down version of my server, all on a newly installed OS (to avoid
DLL confusion). After adding trace statements to the code I found that I
was missing a callback in my code to calculate a temporary RSA key (yes, I
could have spotted it from s_server output further down the page if I had
thought more clearly; yes I could have spotted it by comparing source if I
had concentrated better...!)
Cheers,
Andrew
At 12:10 PM 2/16/01 +0100, Lutz Jaenicke wrote:
>On Fri, Feb 16, 2001 at 10:56:47AM +0000, Andrew Cooke wrote:
> > Thanks for two good suggestions. Although I was using neither, they don't
> > change much:
> >
> > - I am now using SSLv23_method and SSL_OP_ALL
> > - The connection fails unless SSL_OP_NO_SSLv3 is included (ie SSLv3 is
> > excluded)
> > - The error is now "No common cipher" (handshake B; no handshake A)
> >
> > "No common cipher" suggests *very* strongly that I have an error in my
> > compilation/linking/library that is excluding some cipher suite. However,
> > when I list the available ciphers from within the code everything seems
> > correct and the same libraries work with SSLv2 (or rather, with SSLv3
> > disabled) and with other browsers.
>
>I don't have a NN 4.5 available by now, it is quite old, isn't it.
>The "No common cipher" seems a bit strange to me. Let me suggest two
>more things:
>- Set up s_server and try to connect to it. s_server will probably more
> comparable to your code.
> (With or without bug workarounds, see the list of options.)
>- There is a difference to mod_ssl in that mod_ssl also restricts the ciphers
> allowed by removing the EXPORT56 ciphers.
> There is a IE bug with them, I am not aware that Netscape should also be
> affected, but it is well worth a try.
> If this applies, the first test should have failed :-)
> Check out the default cipherstring used in mod_ssl and use it for s_server.
>
>Best regards,
> Lutz
>--
>Lutz Jaenicke [EMAIL PROTECTED]
>BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
>Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
>Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
>______________________________________________________________________
>OpenSSL Project http://www.openssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
