Steve,
I have tried the s_client and I works with IIS. I forgot to mention that all the SSL/TLS negotiation and record processing is basically my own implementation. Well, the so-called "bug" is an additional two bytes of length inserted between the HanshakeProtocol header and actual KeyExchage and I have it as well. The OpenSSL understands that feature. I have traced the communication between the IIS and their own SSLclient (wfetch) from the IIS resource kit and have noticed that they always insert this "bug".
Igor.
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dr. Stephen Henson Sent: May 14, 2004 2:40 PM To: [EMAIL PROTECTED] Subject: Re: ssl negotiation failed with Microsoft IIS
On Fri, May 14, 2004, Igor G wrote:
Hi,
I am writing a small ssl/tls client and it does communicate with OpenSSL/apache without any problem using all possible ciphers. However it fails to connect to the IIS. The IIS just drops a connection after ClientKeyExchane+ChangeCipher+Finished message without any alerts. The IIS does not produce a lot of logging output and I could not find any reference how to enable it. So, I am very much puzzled and I wonder if someone has any knowledge of possible differences for the IIS SSL negotiation and can give me a tip about that problem.
Try connecting with s_client to see if that works. If it doesn't try options like "-bugs" or "-cipher RC4".
Steve.
_________________________________________________________________
Free yourself from those irritating pop-up ads with MSn Premium. Get 2months FREE* http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
