Thanks Dave,
i see the below output.
soniclx24(misingh): openssl s_client -connect NC-WIN2008X64:1433 -state
-debug -msg -ssl3
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 08A018A8 [08A0B660] (100 bytes => 100 (0x64))
0000 - 16 03 00 00 5f 01 00 00-5b 03 00 50 3f fb 58 60 ...._...[..P?.X`
0010 - 71 d6 9f 3c a6 fb 60 79-8a 31 fe 39 68 46 0e a0 q..<..`y.1.9hF..
0020 - 3f 0d c8 08 d9 62 da c6-17 fc 8d 00 00 34 00 39 ?....b.......4.9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f .8.5.......3.2./
0040 - 00 66 00 05 00 04 00 63-00 62 00 61 00 15 00 12 .f.....c.b.a....
0050 - 00 09 00 65 00 64 00 60-00 14 00 11 00 08 00 06 ...e.d.`........
0060 - 00 03 01 ...
0064 - <SPACES/NULS>
>>> SSL 3.0 Handshake [length 005f], ClientHello
01 00 00 5b 03 00 50 3f fb 58 60 71 d6 9f 3c a6
fb 60 79 8a 31 fe 39 68 46 0e a0 3f 0d c8 08 d9
62 da c6 17 fc 8d 00 00 34 00 39 00 38 00 35 00
16 00 13 00 0a 00 33 00 32 00 2f 00 66 00 05 00
04 00 63 00 62 00 61 00 15 00 12 00 09 00 65 00
64 00 60 00 14 00 11 00 08 00 06 00 03 01 00
SSL_connect:SSLv3 write client hello A
read from 08A018A8 [08A06E50] (5 bytes => 0 (0x0))
SSL_connect:failed in SSLv3 read server hello A
12542:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake
failure:s3_pkt.c:529:
Any idea why handshake is failing?
-mithun
On Fri, Aug 31, 2012 at 12:59 AM, Dave Thompson <dthomp...@prinpay.com>wrote:
> >From: owner-openssl-us...@openssl.org On Behalf Of Mithun Kumar
> >Sent: Thursday, 30 August, 2012 02:04
>
> >Also when i use s_client tool it just hangs with following output.
> >Any input on how to get full handshake dump?
>
> >... openssl s_client -connect ... -state -debug -msg
> >CONNECTED(00000003)
> >SSL_connect:before/connect initialization
> >write to 09050898 [090508E0] (142 bytes => 142 (0x8E))
> <snip>>>> SSL 2.0 [length 008c], CLIENT-HELLO
> <snip>
> >SSL_connect:SSLv2/v3 write client hello A>
>
> -debug and -msg (you probably don't need both) *do* dump
> all data resp. messages sent and received. The server
> isn't responding to the hello, and that's why you're hanging.
>
> Make sure the server is doing SSL on that port; many (other)
> protocols if they receive garbage, which is what SSL looks like,
> may just keep waiting.
>
> Also make sure it's able and willing to do SSLv2; some recent
> software doesn't. If server accepts only SSLv3/TLS, it may ignore
> the SSLv2 ClientHello as invalid format and keep waiting for
> a "valid" ClientHello, which OpenSSL here won't be sending.
> Try s_client with -ssl3 or -tls1, or at least -no_ssl2 .
> If that works, change or configure your client app accordingly.
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager majord...@openssl.org
>
