Hi,

I have tried with all the ciphers. This same application works well on
Windows.

I ran my application again with s_server, but hit the same error:
SSL_ERROR_SSL
error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable

This time, instead of using my own server, I have run openssl s_server.
>openssl s_server -accept 9000 -cert client.pem -Verify 0/1 -CAfile
ca-win.pem -msg -debug

And on s_server, the following messages are shown:

client hello
server hello
SSL_accept:SSLv3 write certificate A
>>> TLS 1.0 Handshake [length 0004], ServerHelloDone
    0e 00 00 00
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:failed in SSLv3 read client certificate A
ERROR
shutting down SSL
CONNECTION CLOSED
SSL_accept:failed in SSLv3 read client certificate A
The above is with verify 0

--------------

 SSL_accept:SSLv3 write certificate A
>>> TLS 1.0 Handshake [length 007b], CertificateRequest
    SSL_accept:SSLv3 write certificate request A
SSL_accept:SSLv3 flush data
SSL_accept:failed in SSLv3 read client certificate A
This is with verify ON

This means the client and server have agreed on a cipher. In what cases does
the client verify the TLS1_SETUP_KEY_BLOCK, which drove the client to throw
this error?




Gayathri Sundar-3 wrote:
> 
> Can you give some specific cipher like rc4-md5 using the --cipher command
> and see if it goes through? Maybe the 1st cipher suite sent by the client is
> not available with the server or something. You can use Mozilla and edit the
> cipher suites in the advanced tab, or use the openssl client connect command
> and supply some specific cipher which you know for sure is available on the
> server.
> 
> On Wed, May 11, 2011 at 2:54 PM, pradeepreddy
> <pradeepreddy....@gmail.com> wrote:
> 
>>
>> Hi ,
>>
>> My application is running with OpenSSL 0.9.8h 28 May 2008 in Gentoo
>> Linux:
>> >uname -a
>> Linux localhost 2.6.32.9 #1 SMP Thu Jul 8 14:30:23 Local time zone must
>> be
>> set--see zic m i686 Intel(R) Pentium(R) D CPU 2.80GHz GenuineIntel
>> GNU/Linux
>>
>> But the SSL handshake is failing with the error below:
>> SSL_ERROR_SSL error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or
>> hash unavailable
>>
>> But on the same Linux, "openssl s_client -connect "server:8443" -cert
>> client.pem
>> -CAfile ca-win.pem", is working
>>
>> CONNECTED(00000003)
>> ---
>> Certificate chain
>>  0 s:/C=/ST=/L=/O=/OU=DGM/DC=CN=A1
>>  1 s:/DC=/DC=/DC=/DC=/CN=A1
>>   i:/DC=/DC=/DC=/DC=/CN=A1
>> ---
>> Server certificate
>> -----BEGIN CERTIFICATE-----
>> MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4IBAQBd4LfcDl5d3ODPjBBDy7bL
>> YX6uDP6yG+RdbwR9ul4WRhOUXqb0jkHbaGy/Qlz70TGqfSme81yvLsYmChKTFloU
>> 3NDIRAqagGntPXyaR6WjbV652SYtENTL7RONZhxGyeqDF0ns5fLUAdE2eGYN9f3Y
>> X/k/vFrFnKEmEBEWlciwQjr7vag21YGBtIEeopqnRqN64HCGUVKWqap0sQXAJD/4
>> -----END CERTIFICATE-----
>> subject=/C=/ST=/L=/O=/OU=/CN=XY2
>> issuer=/DC=/DC=/DC=dev/DC=/CN=A1
>> ---
>> Acceptable client certificate CA names
>> /DC=/DC=/DC=/DC=/CN=A1
>> ---
>> SSL handshake has read 3241 bytes and written 3148 bytes
>> ---
>> New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
>> Server public key is 2048 bit
>> Compression: NONE
>> Expansion: NONE
>> SSL-Session:
>>    Protocol  : TLSv1
>>    Cipher    : DHE-RSA-AES256-SHA
>>    Session-ID:
>>    Session-ID-ctx:
>>    Master-Key: C47BF1691AB846E449B5FA9E29EC4E25312D4C501
>>    Key-Arg   : None
>>    Start Time: 1305122070
>>    Timeout   : 300 (sec)
>>    Verify return code: 0 (ok)
>> ---
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Application-is-failing-with-cipher-or-hash-unavailable-tp31597508p31597508.html
>> Sent from the OpenSSL - User mailing list archive at Nabble.com.
>>
>> ______________________________________________________________________
>> OpenSSL Project                                 http://www.openssl.org
>> User Support Mailing List                    openssl-users@openssl.org
>> Automated List Manager                           majord...@openssl.org
>>
> 
> 

-- 
View this message in context: 
http://old.nabble.com/Application-is-failing-with-cipher-or-hash-unavailable-tp31597508p31607141.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
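
An added example (not part of the original posts): a small Python parser for the two artifacts quoted in this thread, the client's OpenSSL error string and the s_server state trace. It assumes the pre-3.0 OpenSSL error-code layout (8-bit library, 12-bit function, 12-bit reason); the names parse_error, failing_state and stalled_on_peer are illustrative, and the last one is a heuristic.

```python
import re

# Constructed sample input: lines copied from the client error and s_server trace in this thread.
CLIENT_ERROR = "error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash unavailable"
SERVER_TRACE = """\
SSL_accept:SSLv3 write certificate A
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
SSL_accept:failed in SSLv3 read client certificate A
"""

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")
STATE_RE = re.compile(r"^\s*SSL_(?:accept|connect):(failed in |error in )?(.+?)\s*$")

def parse_error(line):
    """Split an OpenSSL error string into fields (assumes pre-3.0 code packing)."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    return {
        "lib": (code >> 24) & 0xFF,      # library number, 0x14 is the SSL library
        "func": (code >> 12) & 0xFFF,    # function number inside that library
        "reason": code & 0xFFF,          # reason number inside that library
        "lib_name": m.group(2),
        "func_name": m.group(3),
        "reason_text": m.group(4).strip(),
    }

def failing_state(trace):
    """Return (last completed state, state that failed) from s_server/s_client state lines."""
    last_ok = failed = None
    for line in trace.splitlines():
        m = STATE_RE.match(line)
        if m is None:
            continue                     # skip -msg hex dumps and other output
        if m.group(1):                   # "failed in" / "error in" marks the stalled state
            failed = m.group(2)
            break
        last_ok = m.group(2)
    return last_ok, failed

def stalled_on_peer(trace):
    """Heuristic (assumption): failing in a 'read' state right after 'flush data'
    means this side sent its whole flight and the peer never answered."""
    last_ok, failed = failing_state(trace)
    return bool(failed) and " read " in failed and last_ok == "SSLv3 flush data"
```

For the trace in this thread the server side stalls in a read state, so the error queue worth inspecting is the client's, where TLS1_SETUP_KEY_BLOCK is reported.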
