> See if you can connect to the server using the s_client test program. For > example: > > openssl s_client -conntect hostname:995 > > (use whatever port it uses for POP4+SSL, 995 is standard).
Output from 'openssl s_client' follows: [EMAIL PROTECTED] /]# openssl s_client -connect ipostoffice.worldnet.att.net:995 CONNECTED(00000005) depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority verify error:num=19:self signed certificate in certificate chain verify return:0 --- Certificate chain 0 s:/C=US/ST=New Jersey/L=Middletown/O=AT&T/OU=WorldNet/CN=ipostoffice.worldnet .att.net i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority 1 s:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority --- Server certificate -----BEGIN CERTIFICATE----- MIIDxzCCAzSgAwIBAgIQePDFqFMk1AlFDRG1iBFXWzANBgkqhkiG9w0BAQUFADBf MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNMDQwNTA2MDAwMDAwWhcNMDUwNTA2MjM1OTU5WjCBgDELMAkGA1UEBhMCVVMx EzARBgNVBAgTCk5ldyBKZXJzZXkxEzARBgNVBAcUCk1pZGRsZXRvd24xDTALBgNV BAoUBEFUJlQxETAPBgNVBAsUCFdvcmxkTmV0MSUwIwYDVQQDFBxpcG9zdG9mZmlj ZS53b3JsZG5ldC5hdHQubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl bCW+xGGUN+ZIzU8yv7GTDdOs65VWmA41ud0ds4wIbWgL3sJb6fhFc5gdG6BvpwTb nYRAxTY8bGwdK2Lg4SIINtvztSEAknArhkEcRokLQDGU19AEyu3sFVh9ZXmXQho0 yz9E2kyhaHqGGIXxuD5WcW4gOPuNThfT757NR4Le/wIDAQABo4IBZDCCAWAwCQYD VR0TBAIwADALBgNVHQ8EBAMCBaAwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2Ny bC52ZXJpc2lnbi5jb20vUlNBU2VjdXJlU2VydmVyLmNybDBEBgNVHSAEPTA7MDkG C2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWdu LmNvbS9ycGEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUF BwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMG0G CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoE FI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNv bS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA34AIUYu0VU0LawRz2Q1n2YMtdoK m9tv5M9ITwUwol4H8WcyF8R5nGk6bxUNtRciNVhIjRiwD0n+A/OAV1d3jDCrX+LH MjgKRrELnFLc48WRrSTaK7PT50yvbWF+BaimQc0IOBhHfuk4d4wVF5UStyeZ6n6s bNIq4dp8oSfR9ME= -----END CERTIFICATE----- subject=/C=US/ST=New Jersey/L=Middletown/O=AT&T/OU=WorldNet/CN=ipostoffice.world net.att.net issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority --- No client certificate CA names sent --- SSL handshake has read 1692 bytes and written 310 bytes --- New, TLSv1/SSLv3, Cipher is RC4-SHA Server public key is 1024 bit SSL-Session: Protocol : TLSv1 Cipher : RC4-SHA Session-ID: 227FD6BC3D6953F53EFB198EEC8B2280349FF1BB5D41CDC9E8260CEF3C5C8177 Session-ID-ctx: Master-Key: 917594C0A1347D67F83D554B1A35A77A39166F7152B71BD306BBF84C483C5D84 2FE561021BD6B782E032552F40A54392 Key-Arg : None Start Time: 1106569919 Timeout : 300 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- +OK <[EMAIL PROTECTED]> (mtiwpxc03) Maillennium POP3/PROXY server #2 and after that I can enter POP3 commands. ----- Original Message ----- From: "Dr. Stephen Henson" <[EMAIL PROTECTED]> To: <openssl-users@openssl.org> Sent: Saturday, January 22, 2005 2:19 PM Subject: Re: SSL error: no cipher list > On Sat, Jan 22, 2005, Yuriy Synov wrote: > > > > No sure if you have set it or not. If not, you can try following example: > > > > > > #define CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH" > > > > > > SSL_CTX_set_cipher_list(ctx, CIPHER_LIST) ; > > > > I tried to set that cipher list, and now I get the following error: > > > > error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available > > > > I also tried "ALL" and some other cipher lists, and I always get one of > > these errors: > > > > 1) error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available > > 2) error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list > > > > Microsoft Outlook Express 6.0 and Nokia 9500 smartphone messaging client do > > work with the POP3 server that causes the trouble. Is it possible, that the > > server does not conform to SSL standards, and these softwares ignore it, but > > the OpenSSL library is more strict? > > > > See if you can connect to the server using the s_client test program. For > example: > > openssl s_client -conntect hostname:995 > > (use whatever port it uses for POP4+SSL, 995 is standard). > > Steve. > -- > Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage > OpenSSL project core developer and freelance consultant. > Funding needed! Details on homepage. > Homepage: http://www.drh-consultancy.demon.co.uk > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager [EMAIL PROTECTED] > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]