RE: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure

Tue, 06 Dec 2011 04:42:12 -0800 

Thanks a lot Dave Thompson-5 for your reply.

s_client command helped me lot to find root cause of issue. I fixed the
issue. 

It was due to server not understanding SSLv3 protocol, when i replaced it
with TLSv1, app got the successful response.

Again many thanks..!!



Dave Thompson-5 wrote:
> 
>> From: owner-openssl-us...@openssl.org On Behalf Of pankajy
>> Sent: Monday, 05 December, 2011 10:26
> 
>> I am doing SSL Communication having no certification 
>> validations on client
>> and server side. So I skipped this validation and tried 
>> SSL_connect with
>> host. Here I can successfully connect with host using tcp 
>> socket but unable
>> to connect with host using SSL_connect. It fails with errror
>> "error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert 
>> handshake failure" 
>> 
> The *server* is aborting handshake. You need to find out 
> what the server dislikes and fix it.
> 
> *One* cause of server handshake_failure is your failure 
> to supply a cert when the server requires one. What 
> exactly makes you think you shouldn't do 'validation'?
> Does the server operator, or server software, say so?
> 
> You could try commandline s_client with -state or -msg 
> to confirm at what point in the protocol it fails.
> 
> Nit: You don't actually *need* a socket BIO, OpenSSL's 
> SSL_ routines *also* work just fine with a raw socket.
> Your choice.
> 
> Also: your verify_callback isn't used (as posted), but 
> if it were returning SSL_VERIFY_NONE is nonsensical.
> SSL_VERIFY_ are used as modes to *set*. Once the callback 
> is called, it should return 1 for okay or 0 for not_okay.
> SSL_VERIFY_NONE happens to be 0, which means not_okay.
> 
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
> 
> 

-- 
View this message in context: 
http://old.nabble.com/error%3A14094410%3ASSL-routines%3ASSL3_READ_BYTES%3Asslv3-alert-handshake-failure-tp32917852p32923513.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to