Hi,
I am using openssl 0.9.6b with openldap 2.0.21(Red Hat Advanced Server
2.1 with kernel 2.4.9-e.3). The client is weblogic server. I created the
CA, server certificate and server key. I also made the client (weblogic
server) aware of the new CA. When I try to connect to the ldap server I
get this "decryption_failed" alert and the connection fails. The ssldump
is below. Any pointers would be greatly appreciated.
1 1 0.0006 (0.0006) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
TLS_RSA_WITH_RC4_128_MD5
Unknown value 0xfeff
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Unknown value 0xfefe
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
1 2 0.0020 (0.0014) S>CV3.1(74) Handshake
ServerHello
Version 3.1
random[32]=
41 91 9a 6e ad 5a 54 37 06 59 b0 bd 8c 6a 38 7e
87 4f 25 b2 57 42 c1 00 24 53 b5 2a 8f 2c 02 4a
session_id[32]=
e9 08 7b e4 c9 80 b1 04 72 aa d1 0d bc b6 bd 7d
54 11 37 87 3f b6 07 1a 04 3e 2d 16 62 18 00 50
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
1 3 0.0020 (0.0000) S>CV3.1(1075) Handshake
Certificate
1 4 0.0020 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
1 5 0.0032 (0.0011) C>SV3.1(2) Alert
level fatal
value unknown_ca
1 0.0163 (0.0131) S>C TCP FIN
1 13.3796 (13.3632) C>S TCP RST
New TCP connection #2: johri-360.hq.itm-software.com(1831) <->
EngPerf1.hq.itm-software.com(636)
2 1 38.0887 (38.0887) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_DHE_DSS_WITH_RC2_56_CBC_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
SSL2_CK_RC4_EXPORT40
TLS_ECDH_ECDSA_EXPORT_WITH_RC4_56_SHA
TLS_ECDH_ECDSA_EXPORT_WITH_RC4_40_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA
TLS_DH_anon_EXPORT_WITH_RC4_40_MD5
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA
2 2 38.0893 (0.0005) S>CV3.1(74) Handshake
ServerHello
Version 3.1
random[32]=
41 91 9a e5 71 c0 07 61 cf 65 e5 5e 88 93 69 c2
d3 f2 1e 32 5f 91 88 59 74 0e cd 04 2e e3 df 69
session_id[32]=
e1 ae 8e 5c f7 d2 d7 0b 51 1f e0 ef 31 5f 8e 11
35 e9 cd 89 91 6f 3e 12 91 f3 62 24 f2 3a da 60
cipherSuite TLS_RSA_WITH_DES_CBC_SHA
compressionMethod NULL
2 3 38.0893 (0.0000) S>CV3.1(1075) Handshake
Certificate
2 4 38.0893 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
2 5 47.6564 (9.5671) C>SV3.1(134) Handshake
ClientKeyExchange
EncryptedPreMasterSecret[128]=
1e 15 29 18 0c 56 84 65 20 08 36 2b df bf 2c 37
32 21 1e 7a 7d cc f0 af 15 34 72 97 ae 17 5c 94
22 78 38 25 8b ad a8 ca a2 21 34 b7 2f b5 d7 c6
ba 8d 0a 28 34 57 35 5f d3 de ed 89 04 e7 52 d2
bd c4 3f 3f b7 9d 62 b7 9b a1 91 5a a7 8b 3c 3a
af 5f 0f 0e 7b 0b 84 43 0c 00 89 e8 28 ad e4 f2
b5 3c 81 f8 15 1c 97 14 27 06 84 08 06 08 06 bc
d3 78 ef 5f 85 15 ea f6 bf 04 ac 5a a9 ab 32 9a
2 6 47.6564 (0.0000) C>SV3.1(1) ChangeCipherSpec
2 7 47.6564 (0.0000) C>SV3.1(40) Handshake
2 8 47.6628 (0.0063) S>CV3.1(2) Alert
level fatal
value decryption_failed
2 9 47.6628 (0.0000) S>CV3.1(2) Alert
level fatal
value decrypt_error
2 47.6630 (0.0001) S>C TCP FIN
2 48.4097 (0.7467) C>S TCP RST
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
