Hello, > The output on the s_client side is as follows; > > > SSL3 alert write:fatal:handshake failure > 6389:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version > number:s3_pkt.c:288: This means that client don't want to support received from server SSL version.
> I am using the -ssl3 flag on the s_client side. The SSL_Context on > the client side is configured as follows; And this means that client want to support ONLY SSL3 which means that client sends to server SSL3 proposition and server should accept this version and send back ServerHello handshake packet with SSL3 version accepted. > I have tried setting the context mode to SSLv23, TSLv1 (as well as > *_server) and found the same results. When client context is set for SSLv23 then client sends SSL2 ClientHello packet with SSL3 (or even TLS1) proposition. If server understands SSL3/TLS1 then this protocol is selected, if not SSL2 may be selected (or not). > Interestingly enough, I can set > the context and s_client to SSLv2, and this appears to work. However, > the client app I am developing (.net 2.0) chokes on receiving messages > with a System32 exception- "The message or signature supplied for > verification has been altered". TSL or SSL3 would be preferred. > > It almost seems like the server is accepted SSL3 msgs, but sending out > another protocol type. Any suggestions? If you using Linux, can you send ssldump or wireshark dump of this session. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [EMAIL PROTECTED]
