On Mon, 01 Oct 2018 11:58:37 +0100, Tony Finch via Outages said: > Chris via Outages <[email protected]> wrote: > > > > me@jumpoff1 ~ $ openssl s_client -connect 104.24.114.156:443 > > CONNECTED(00000003) > > 140186033568600:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > > alert handshake failure:s23_clnt.c:802: > > --- > > no peer certificate available > > You might find it works better with SNI: use the -servername option.
I got bit by this trying to do imap-over-ssl to Gmail. The tl;dr: If you forget the SNI, it would hand back a self-signed cert. And of course, it depended on what version of openssl you were on - I try it, get back a self-signed cert, ask a cow-orker, and he had an older openssl that fetched the expected cert and worked... The gory details: https://mta.openssl.org/pipermail/openssl-project/2018-April/000623.html
pgp8qGntgZLUU.pgp
Description: PGP signature
_______________________________________________ Outages mailing list [email protected] https://puck.nether.net/mailman/listinfo/outages
