> See if you can connect to the server using the s_client test program. For
> example:
>
> openssl s_client -conntect hostname:995
>
> (use whatever port it uses for POP4+SSL, 995 is standard).
Output from 'openssl s_client' follows:
[EMAIL PROTECTED] /]# openssl s_client -connect
ipostoffice.worldnet.att.net:995
CONNECTED(00000005)
depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/C=US/ST=New
Jersey/L=Middletown/O=AT&T/OU=WorldNet/CN=ipostoffice.worldnet
.att.net
i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
1 s:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIDxzCCAzSgAwIBAgIQePDFqFMk1AlFDRG1iBFXWzANBgkqhkiG9w0BAQUFADBf
MQswCQYDVQQGEwJVUzEgMB4GA1UEChMXUlNBIERhdGEgU2VjdXJpdHksIEluYy4x
LjAsBgNVBAsTJVNlY3VyZSBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw
HhcNMDQwNTA2MDAwMDAwWhcNMDUwNTA2MjM1OTU5WjCBgDELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCk5ldyBKZXJzZXkxEzARBgNVBAcUCk1pZGRsZXRvd24xDTALBgNV
BAoUBEFUJlQxETAPBgNVBAsUCFdvcmxkTmV0MSUwIwYDVQQDFBxpcG9zdG9mZmlj
ZS53b3JsZG5ldC5hdHQubmV0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDl
bCW+xGGUN+ZIzU8yv7GTDdOs65VWmA41ud0ds4wIbWgL3sJb6fhFc5gdG6BvpwTb
nYRAxTY8bGwdK2Lg4SIINtvztSEAknArhkEcRokLQDGU19AEyu3sFVh9ZXmXQho0
yz9E2kyhaHqGGIXxuD5WcW4gOPuNThfT757NR4Le/wIDAQABo4IBZDCCAWAwCQYD
VR0TBAIwADALBgNVHQ8EBAMCBaAwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2Ny
bC52ZXJpc2lnbi5jb20vUlNBU2VjdXJlU2VydmVyLmNybDBEBgNVHSAEPTA7MDkG
C2CGSAGG+EUBBxcDMCowKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LnZlcmlzaWdu
LmNvbS9ycGEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMDQGCCsGAQUF
BwEBBCgwJjAkBggrBgEFBQcwAYYYaHR0cDovL29jc3AudmVyaXNpZ24uY29tMG0G
CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoE
FI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNv
bS92c2xvZ28uZ2lmMA0GCSqGSIb3DQEBBQUAA34AIUYu0VU0LawRz2Q1n2YMtdoK
m9tv5M9ITwUwol4H8WcyF8R5nGk6bxUNtRciNVhIjRiwD0n+A/OAV1d3jDCrX+LH
MjgKRrELnFLc48WRrSTaK7PT50yvbWF+BaimQc0IOBhHfuk4d4wVF5UStyeZ6n6s
bNIq4dp8oSfR9ME=
-----END CERTIFICATE-----
subject=/C=US/ST=New
Jersey/L=Middletown/O=AT&T/OU=WorldNet/CN=ipostoffice.world
net.att.net
issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
---
No client certificate CA names sent
---
SSL handshake has read 1692 bytes and written 310 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
SSL-Session:
Protocol : TLSv1
Cipher : RC4-SHA
Session-ID:
227FD6BC3D6953F53EFB198EEC8B2280349FF1BB5D41CDC9E8260CEF3C5C8177
Session-ID-ctx:
Master-Key:
917594C0A1347D67F83D554B1A35A77A39166F7152B71BD306BBF84C483C5D84
2FE561021BD6B782E032552F40A54392
Key-Arg : None
Start Time: 1106569919
Timeout : 300 (sec)
Verify return code: 19 (self signed certificate in certificate chain)
---
+OK <[EMAIL PROTECTED]> (mtiwpxc03) Maillennium POP3/PROXY
server
#2
and after that I can enter POP3 commands.
----- Original Message -----
From: "Dr. Stephen Henson" <[EMAIL PROTECTED]>
To: <openssl-users@openssl.org>
Sent: Saturday, January 22, 2005 2:19 PM
Subject: Re: SSL error: no cipher list
> On Sat, Jan 22, 2005, Yuriy Synov wrote:
>
> > > No sure if you have set it or not. If not, you can try following
example:
> > >
> > > #define CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
> > >
> > > SSL_CTX_set_cipher_list(ctx, CIPHER_LIST) ;
> >
> > I tried to set that cipher list, and now I get the following error:
> >
> > error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available
> >
> > I also tried "ALL" and some other cipher lists, and I always get one of
> > these errors:
> >
> > 1) error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available
> > 2) error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list
> >
> > Microsoft Outlook Express 6.0 and Nokia 9500 smartphone messaging client
do
> > work with the POP3 server that causes the trouble. Is it possible, that
the
> > server does not conform to SSL standards, and these softwares ignore it,
but
> > the OpenSSL library is more strict?
> >
>
> See if you can connect to the server using the s_client test program. For
> example:
>
> openssl s_client -conntect hostname:995
>
> (use whatever port it uses for POP4+SSL, 995 is standard).
>
> Steve.
> --
> Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
> OpenSSL project core developer and freelance consultant.
> Funding needed! Details on homepage.
> Homepage: http://www.drh-consultancy.demon.co.uk
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
