> On Apr 16, 2015, at 03:01, Jan Just Keijser <janj...@nikhef.nl> wrote:
> if no list of TLS ciphers is specified then the client will attempt the full 
> list of ciphers that you see with "--with-tls" ; with OpenSSL it is actually 
> quite hard to tell which ciphers it is trying and in which order. I'm saying 
> OpenSSL here, as it's an SSL library call that does this part. For PolarSSL 
> builds the same applies, IIRC.
> 
> One thing you could try is to run the underlying openssl command on both 
> client and server:
>  server:
>    openssl s_server -msg -CAfile ca.crt -cert server.crt -key server.key
>  client:
>    openssl s_client -connect <server-IP>:4433
> 
> (adjust ca.crt and server.{crt,key} to your setup).
> The server should print the list of shared ciphers.

  Well, at least we’re consistent with the openvpn failure.  The server shows:

Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
bad gethostbyaddr
<<< SSL 2.0 [length 0080], CLIENT-HELLO
    01 03 01 00 57 00 00 00 20 00 00 39 00 00 38 00
    00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00
    33 00 00 32 00 00 2f 00 00 9a 00 00 99 00 00 96
    03 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00
    00 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00
    08 00 00 06 04 00 80 00 00 03 02 00 80 00 00 ff
    46 18 67 32 3e da 75 30 2d da 13 12 32 00 b3 6e
    a5 9e 00 05 e3 ee 74 d7 98 80 db 09 d9 cf 8f 95
>>> TLS 1.0 Alert [length 0002], fatal handshake_failure
    02 28
ERROR
3148076708:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:/data/NetBSD/src/crypto/dist/openssl/ssl/s3_srvr.c:1076:
shutting down SSL
CONNECTION CLOSED

  So, no list of shared ciphers.  Is something wrong with my server on the 
openssl side?  It is a pretty old box.  OpenSSL 0.9.9-dev.

                  - Chris
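
Added example, not part of the original message: the CLIENT-HELLO bytes printed by `-msg` above can be decoded to see exactly which cipher specs the client offered before the server answered "no shared cipher". The function name `parse_v2_client_hello` is hypothetical; the layout assumed is the SSLv2-compatible hello (type, version, three 2-byte lengths, 3-byte cipher specs, challenge).

```python
# Hex bytes copied from the CLIENT-HELLO dump in the message above.
DUMP = """
01 03 01 00 57 00 00 00 20 00 00 39 00 00 38 00
00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00
33 00 00 32 00 00 2f 00 00 9a 00 00 99 00 00 96
03 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00
00 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00
08 00 00 06 04 00 80 00 00 03 02 00 80 00 00 ff
46 18 67 32 3e da 75 30 2d da 13 12 32 00 b3 6e
a5 9e 00 05 e3 ee 74 d7 98 80 db 09 d9 cf 8f 95
"""

def parse_v2_client_hello(hex_text):
    """Split an SSLv2-format CLIENT-HELLO body into its fields."""
    data = bytes.fromhex("".join(hex_text.split()))
    if len(data) < 9 or data[0] != 0x01:
        raise ValueError("not an SSLv2-format CLIENT-HELLO")
    version = (data[1], data[2])              # highest version the client speaks
    spec_len = int.from_bytes(data[3:5], "big")
    sid_len = int.from_bytes(data[5:7], "big")
    chal_len = int.from_bytes(data[7:9], "big")
    # The three length fields must account for every byte after the header.
    if spec_len % 3 or 9 + spec_len + sid_len + chal_len != len(data):
        raise ValueError("length fields do not match the message size")
    specs = [data[i:i + 3] for i in range(9, 9 + spec_len, 3)]
    # A leading 0x00 byte marks an SSLv3/TLS suite id carried in the 3-byte
    # slot; any other leading byte is an SSLv2-only cipher kind.
    return {
        "version": version,
        "tls_suites": [int.from_bytes(s[1:], "big") for s in specs if s[0] == 0],
        "v2_kinds": [s.hex() for s in specs if s[0] != 0],
        "challenge_len": chal_len,
    }

if __name__ == "__main__":
    hello = parse_v2_client_hello(DUMP)
    print("client version: %d.%d" % hello["version"])
    print("SSLv3/TLS suite ids:", " ".join("0x%04x" % s for s in hello["tls_suites"]))
    print("SSLv2-only cipher kinds:", " ".join(hello["v2_kinds"]))
```

The suite ids it prints are the values to compare against the cipher list the server side is able to use with its certificate and key.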


_______________________________________________
Openvpn-users mailing list
Openvpn-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-users