Hi everyone --

I'm an OpenSSL noob trying to debug some code written by someone that's smarter than me. It's basically a small HTTPS server using self-signed certs. It works fine with IE and Google Chrome, but not Firefox. Even after adding a security exception for Firefox, I still get the dreaded ssl_error_handshake_failure_alert.

I'm using OpenSSL 1.0.0a and also tried 0.9.8l.

Firefox (3.6) can successfully connect to:

    openssl s_server -cert mycert.pem -www

(tested with 1.0.0a) and shows all the ciphers, etc.

After MUCH reading and Googling, it seems like the below is important (and as far as I know, correct):

    SSL_CTX_new(SSLv23_method())
    SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE)
    SSL_CTX_set_cipher_list(ctx, "ALL:!eNULL:!aNULL:@STRENGTH")
    SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, ...

I ran some tests using:

    openssl s_client -CAfile cacert.pem -connect localhost:443

My app with 0.9.8l, openssl 0.9.8l fails with:

    verify return:1
    6436:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\ssl\s3_pkt.c:1061:SSL alert number 40
    6436:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib.c:188:

If I use -ssl2, it appears to succeed without the SSL errors above. Using -ssl3 fails like above.

My app with 1.0.0a, openssl 1.0.0a also fails (it does show certificate info, but the information about the session shows New (NONE), Cipher is (NONE), etc).

Given the errors above, can anyone point me towards some docs, or APIs, or ??? that can help me troubleshoot and fix the reason that Firefox and OpenSSL -s_client can't connect to my HTTPS server?

Thanks a lot
Doug
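
An added example, not part of the original post: a small decoder for the two s_client error lines quoted above, showing how the packed hex code splits into library, function and reason, and how a reason of 1000 or more identifies an alert received from the peer. It assumes the ERR_PACK layout of the 0.9.8 and 1.0.0 releases named in the post; the helper names are hypothetical and it does not link against OpenSSL.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* ERR_PACK layout in OpenSSL 0.9.8 / 1.0.0 (assumed; later majors differ):
 * bits 31-24 library, bits 23-12 function, bits 11-0 reason. */
#define LIB_SSL 20               /* ERR_LIB_SSL */
#define ALERT_REASON_OFFSET 1000 /* SSL_AD_REASON_OFFSET */

static int err_lib(unsigned long e)    { return (int)((e >> 24) & 0xffUL); }
static int err_func(unsigned long e)   { return (int)((e >> 12) & 0xfffUL); }
static int err_reason(unsigned long e) { return (int)(e & 0xfffUL); }

/* Alert number received from the peer, or -1 if the error was raised locally. */
static int peer_alert(unsigned long e)
{
    int r = err_reason(e);
    return (err_lib(e) == LIB_SSL && r >= ALERT_REASON_OFFSET) ? r - ALERT_REASON_OFFSET : -1;
}

/* Pull the hex code out of "<pid>:error:<hex>:..."; 0 if the line has none. */
static unsigned long parse_error_line(const char *line)
{
    const char *p = strstr(line, ":error:");
    char *end;
    unsigned long code;
    if (p == NULL) return 0;
    p += strlen(":error:");
    code = strtoul(p, &end, 16);
    return (end != p && *end == ':') ? code : 0;
}

/* The two error lines from the post, with the mail line-wrapping undone. */
static const char *POST_LINES[] = {
    "6436:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\\ssl\\s3_pkt.c:1061:SSL alert number 40",
    "6436:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\\ssl\\s23_lib.c:188:",
};

int main(void)
{
    size_t i;
    for (i = 0; i < sizeof POST_LINES / sizeof POST_LINES[0]; i++) {
        unsigned long e = parse_error_line(POST_LINES[i]);
        printf("%08lX lib=%d func=%d reason=%d peer_alert=%d\n",
               e, err_lib(e), err_func(e), err_reason(e), peer_alert(e));
    }
    return 0;
}
```

The first code decodes to reason 1040, that is offset 1000 plus alert 40 (handshake_failure), so it records a fatal alert that the server application sent to s_client. The second code (reason 229) is raised locally by the client once the handshake has failed.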