"Matthew Fleming" <[EMAIL PROTECTED]> writes:
> I would appreciate your help with the following, although it is not
> strictly (or not only) an OpenSSL problem.
> 
> I am trying to connect a Pocket PC to a Linux server. The Pocket PC uses
> Schannel (which on the PPC apparently includes SSLv2 and SSLv3 but not
> TLS) and the Linux server has OpenSSL. At this point I am just trying to
> get small test programs to work. For the server, the test program is a
> slightly modified version of the sserver program from Rescorla's book. I
> have included most of the code from the client below, if it matters, but
> basically all this does is make a socket, "turn on" SSL on the socket,
> and tell the security functions to use SSLv3 protocols. The server
> program also should be using SSLv3, because of a call to SSLv3_method().
>
> Here is what ssldump reports:
> 
> New TCP connection #2: net-204-140.dhcp.mcw.edu(1499) <-> dp1.derm.mcw.edu(9734)
> 2 1  0.1544 (0.1544)  C>S  Handshake
>       ClientHello
>         Version 3.0 
>         cipher suites
>         SSL_RSA_WITH_RC4_128_MD5
>         SSL_RSA_WITH_RC4_128_SHA
>         SSL_RSA_WITH_3DES_EDE_CBC_SHA
>         SSL_RSA_WITH_DES_CBC_SHA
>         SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
>         SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
>         SSL_RSA_EXPORT_WITH_RC4_40_MD5
>         SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
>         compression methods
>                   NULL
> 2 2  0.1548 (0.0003)  S>C  Alert
>     level           fatal
>     value           handshake_failure
> 2    0.1552 (0.0003)  S>C  TCP FIN
> 2    0.1574 (0.0022)  C>S  TCP FIN
> 
> and here is what I get from sserver:
> 
> SSL accept error
> 31654:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:772:
> 
> According to the table in the back of Rescorla's book, OpenSSL does
> support these suites, but the names (as listed in his book anyway) are
> different; they begin with TLS rather than SSL.

What keys are you using for the server? The keys that I
ship with the code are DSA keys which would lead to exactly this
error.

The 'server.pem' from openssl-*/apps is an RSA key. Have you
tried using that?

-Ekr

P.S. Thanks for buying the book :)
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
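
Added example (not part of the original message, the book's code, or OpenSSL): a small Python check of the point made in the reply, that a ClientHello offering only RSA suites has nothing in common with a server holding only a DSA key. The input is the suite list from the ssldump output quoted above; the function names and the single-key-type server are assumptions, and the check looks only at key type, not at which ciphers the server has enabled.

```python
import re

# Constructed sample: the ClientHello suite list as ssldump printed it in the post.
CLIENT_HELLO = """\
      ClientHello
        Version 3.0
        cipher suites
        SSL_RSA_WITH_RC4_128_MD5
        SSL_RSA_WITH_RC4_128_SHA
        SSL_RSA_WITH_3DES_EDE_CBC_SHA
        SSL_RSA_WITH_DES_CBC_SHA
        SSL_RSA_EXPORT1024_WITH_RC4_56_SHA
        SSL_RSA_EXPORT1024_WITH_DES_CBC_SHA
        SSL_RSA_EXPORT_WITH_RC4_40_MD5
        SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
        compression methods
                  NULL
"""

# SSL_<key exchange>_WITH_<cipher>_<mac>; the SSL_/TLS_ prefix names the same suite.
SUITE_RE = re.compile(r"^\s*((?:SSL|TLS)_([A-Za-z0-9_]+?)_WITH_\S+)\s*$")

def required_key(kx):
    """Server key type needed for the key-exchange part of a suite name."""
    kx = re.sub(r"_EXPORT\d*$", "", kx)          # RSA_EXPORT1024 -> RSA
    if kx in ("RSA", "DHE_RSA", "ECDHE_RSA"):
        return "RSA"
    if kx == "DHE_DSS":
        return "DSA"
    return "other"                               # anon, fixed DH, ECDSA, ...

def usable_suites(dump, server_key):
    """Offered suites a server holding only a `server_key` key could select."""
    usable = []
    for line in dump.splitlines():
        m = SUITE_RE.match(line)
        if m and required_key(m.group(2)) == server_key:
            usable.append(m.group(1))
    return usable

def diagnose(dump, server_key):
    usable = usable_suites(dump, server_key)
    if usable:
        return "%d offered suite(s) usable with a %s key" % (len(usable), server_key)
    return "no shared cipher: nothing offered works with a %s key" % server_key

if __name__ == "__main__":
    for key in ("DSA", "RSA"):
        print(key, "->", diagnose(CLIENT_HELLO, key))
```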
