I now have an ssldump of an incoming connection. I think it shows the
client is closing the connection before the handshake is even complete. Is
there any way the server is responsible for this behavior? Thanks.

New TCP connection #4: xxxxx.com(12900) <-> a.b.c.d(443)
4 1  0.0362 (0.0362)  C>S  Handshake
      ClientHello
        Version 3.1
        cipher suites
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
4 2  0.0365 (0.0003)  S>C  Handshake
      ServerHello
        Version 3.1
        session_id[32]=
          4c 37 df 98 4e c2 6d 26 28 23 67 4e ab 79 fd 4d
          f7 a8 e0 7e d8 47 37 38 c8 cc 06 db 43 f1 e3 a0
        cipherSuite         TLS_RSA_WITH_RC4_128_MD5
        compressionMethod                   NULL
4 3  0.0365 (0.0000)  S>C  Handshake
      Certificate
4 4  0.0365 (0.0000)  S>C  Handshake
      ServerHelloDone
4    0.0600 (0.0234)  C>S  TCP FIN
4    0.0602 (0.0002)  S>C  TCP FIN

On Tue, Nov 6, 2012 at 8:35 AM, Jeremy Bratton <[email protected]> wrote:
> I'm using OpenSSL 0.9.8o 01 Jun 2010 on Debian 6.0.2. Client
> verification is disabled.
>
>
> I've written a SOAP server app that uses SSL. The only client that
> connects to it is completely out of my control. Though there have been no
> changes on either end that I'm aware of, the client is no longer able to
> connect to the server. I can see from the error message that something is
> going wrong during the SSL handshake, but I have no idea what (the actual
> server uses ruby & soap4r). I'm just getting the error message "SSL_accept
> SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A"
>
>
> I set up apache on the server and was able to get a more detailed error
> message which is at http://pastebin.com/vvnLi9BQ
>
>
> Basically, it seems like the client is sending an EOF before the handshake
> is complete, but I've been assured that the client is working just as it's
> always been. Also this client connects to several other companies' servers
> and I believe they're all still working correctly. I'm pretty sure the
> client is written in Java in case that matters.
>
>
> I can connect to the server with a browser just fine.
>
>
> Is this a common issue? Any suggestions for a fix or work-around? A web
> search hasn't turned up much of anything.
>
>
> Thanks,
>
> Jeremy
>
>
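A small parser for ssldump text output that flags connections like the one in the trace above, where a TCP FIN arrives before both sides have sent ChangeCipherSpec, and reports which side closed first and the last handshake message seen. This is an added example, not part of the original thread; the sample trace is constructed with placeholder host names, the function name `early_closes` is hypothetical, and it assumes the record-line layout shown in the post.

```python
import re

# One ssldump record line: "<conn> [<rec#>] <time> (<delta>) C>S <type>"
# (layout assumed from the trace in the post).
RECORD = re.compile(
    r"^(\d+)\s+(?:\d+\s+)?\d+\.\d+\s+\(\d+\.\d+\)\s+([CS])>[CS]\s+(.+?)\s*$")

# Constructed sample shaped like the trace in the post (placeholder hosts).
SAMPLE = """\
New TCP connection #4: client.example(12900) <-> server.example(443)
4 1  0.0362 (0.0362)  C>S  Handshake
      ClientHello
4 2  0.0365 (0.0003)  S>C  Handshake
      ServerHello
4 3  0.0365 (0.0000)  S>C  Handshake
      Certificate
4 4  0.0365 (0.0000)  S>C  Handshake
      ServerHelloDone
4    0.0600 (0.0234)  C>S  TCP FIN
4    0.0602 (0.0002)  S>C  TCP FIN
"""

def early_closes(dump):
    """Return (conn, closing_side, last_handshake_msg) for every connection
    whose first TCP FIN arrives before both sides sent ChangeCipherSpec."""
    state = {}      # conn id -> {"ccs": sides seen, "last": msg, "closed": bool}
    pending = None  # conn whose Handshake record still awaits its message name
    findings = []
    for line in dump.splitlines():
        m = RECORD.match(line)
        if not m:
            # First non-record line after a Handshake record names the message.
            if pending and line.strip() and not line.startswith("New TCP"):
                state[pending]["last"] = line.strip()
                pending = None
            continue
        conn, side, kind = m.groups()
        st = state.setdefault(conn, {"ccs": set(), "last": None, "closed": False})
        pending = conn if kind == "Handshake" else None
        if kind == "ChangeCipherSpec":
            st["ccs"].add(side)
        elif kind == "TCP FIN" and not st["closed"]:
            st["closed"] = True  # only the first FIN on a connection matters
            if st["ccs"] != {"C", "S"}:
                who = "client" if side == "C" else "server"
                findings.append((conn, who, st["last"]))
    return findings

if __name__ == "__main__":
    for conn, who, last in early_closes(SAMPLE):
        print(f"connection {conn}: {who} sent FIN first; last handshake message: {last}")
```

The last handshake message reported is the point where the closing side gave up, which is where to compare what the server sent against what the client accepts.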