Re: SSL/TLS with server names picked from DNS

[Ludwig Nussel]

sandeep kiran p wrote:
 Ours is an LDAP client application that fetches LDAP server names on the fly
 using DNS SRV Resource Records. We then randomly pick one the servers
 returned from DNS, establish an SSL/TLS connection with that server and then
 perform a bind operation using user credentials (DN and password). User
 credentials are protected since everything goes encrypted between the client
 and server.
 
 Recently we discovered that such a mechanism could be vulnerable to a DNS
 spoofing attack where an attacker could modify (or drop) the server list
 returned by the DNS and inject his/her own malicious directory server name.
 Client would then blindly establish an SSL/TLS connection with that server
 and would end up handing over the user credentials to it.

If that's possible you either do the host name verification in the wrong way or
your CA is not trustworthy.
An RFC that describes how the verification has to be done is in the works
currently:
http://tools.ietf.org/html/draft-saintandre-tls-server-id-check-09

Basically if you have a DNS SRV record _ldap.tcp.bar.com that points
to ldap.foo.com the certificate for ldap.foo.com needs to have an
entry that make it valid for _ldap.tcp.bar.com. You must not use the
result of the DNS lookup (ldap.foo.com) for the host name verification.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

My custom engine_finish method does not get called through ENGINE_finish

[Jeff Saremi]

 I'm trying to use my custom engine however I cannot get it to clean up
nicely.
For the initialization i used the sample in openssl ENGINE(3) documentation.

Here's how it goes:

ENGINE *loadEngine()
{
ENGINE *e;
e = ENGINE_by_id(MY_ENGINE_ID);
if(!e)
ENGINE_load_my();
e = ENGINE_by_id(MY_ENGINE_ID); /* try again */
if(!e)
/* the engine isn't available */
return NULL;
if(!ENGINE_init(e)) {
/* the engine couldn't initialise, release 'e' */
ENGINE_free(e);
return NULL;
}
ENGINE_set_default(e, ENGINE_METHOD_ALL);
return e;
}
void unloadEngine(ENGINE *e)
{
/* Release the functional reference from ENGINE_init() */
ENGINE_finish(e);
/* Release the structural reference from ENGINE_by_id() */
ENGINE_free(e);
/* ENGINE_cleanup();  my engine_finish method does not get
called unless I include this line */
}
void testKeyGen()
{
   /* some openssl initialization code such as loading ciphers,
algorithms, existing engines, establishing dynamic locks and so on */

ENGINE *e = loadEngine();
ASSERT(e, could not create the engine\n);
EVP_PKEY *pkey = NULL;
genPKey(e, pkey); /* some calls to EVP_PKEY_CTX_new_id,
EVP_PKEY_keygen and so on */
ASSERT(pkey, could not generate PKEY\n);

/* so far so good */
if(pkey)
EVP_PKEY_free(pkey);

unloadEngine(e);
   /* at the end of this I have unfreed memory (the dynamic lock I
created in my engine because my_finish was not called */
}

And here's my engine initialization and deinit routines. I stepped
through the code in ENGINE_finish() and realized that the following line
(to_return = e-finish(e); ) does not get executed because apparently
the ref count is not zero:

* file openssl/crypto/engine/eng_init.c  **
int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
{
if((e-funct_ref == 0)  e-finish)
{
if(unlock_for_handlers)
CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
to_return = e-finish(e);
if(unlock_for_handlers)
CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
if(!to_return)
return 0;
...
}

* continuation of my code -- my engine init routines  *

static int my_init(ENGINE *e)
{
ERR_load_MY_strings();
my_lock_id = CRYPTO_get_new_dynlockid();
...
return 1;
}
static int my_finish(ENGINE *e)
{
ERR_unload_MY_strings();
CRYPTO_destroy_dynlockid(my_lock_id);
return 1;
}
static int bind_helper(ENGINE *e)
{
...
if (!ENGINE_set_id(e, MY_ENGINE_ID)
|| !ENGINE_set_name(e, MY_ENGINE_NAME)
|| !ENGINE_set_destroy_function(e, my_destroy)
|| !ENGINE_set_init_function(e, my_init)
|| !ENGINE_set_finish_function(e, my_finish)
...
return 0;
return 1;
}
static ENGINE *engine_my(void)
{
ENGINE *ret = ENGINE_new();
if (!ret)
return NULL;
if (!bind_helper(ret))
{
ENGINE_free(ret);
return NULL;
}
return ret;
}
void ENGINE_load_my(void)
{
ENGINE *toadd = engine_my();
if (!toadd)
return;
ENGINE_add(toadd);
ENGINE_free(toadd);
ERR_clear_error();
}





This email contains Morega Systems Inc. Privileged and Confidential information.

Re: SSL/TLS with server names picked from DNS

[Patrick Patterson]

Hi there:

It would seem that the solution to this is inherent in how you built this. If 
the client is in control of which trust anchors are used (and uses a 
restricted set, instead of the anything goes list that you get with most 
distributions and or Operating systems), then you SHOULD be able to trust that 
your CA (or set of CAs) will only issue certificates to legitimate hosts and 
do proper DNS authority validation (does the requestor have a legitimate 
authority to request a certificate for that domain?).

This is NOT a programming problem, but a policy one.

If you wanted to go one up from that, you could require in your user community 
that all server certificates be issued according to a particular policy that 
would make the type of DNS attack you mentioned highly unlikely to succeed 
(such as encoding the SRV and IP address value in the subjectAltName, and 
making the server holder protect the private key correctly), and then check 
for that policy value in your client. At that rate, I can see that there would 
only be an attack vector by a malicious insider at the server's company that 
was able to attack the DNS, and request a certificate on behalf of that 
company, which is quite hard to guard against, without going to rather onerous 
levels.

Have fun.

Patrick.

On August 12, 2010 09:58:15 am sandeep kiran p wrote:
 We dont have any control on how the server generates its certificates. As
 said earlier, we only control the client portion of SSL/TLS. Sites where
 our client application runs, is handed over the location where trusted CA
 certs are stored and thats all we have.
 
 Secondly, as you pointed out, if we were to maintain a list of legitimate
 server certs, we could have as well maintained a list of server names at
 the client. The advantage with using DNS SRV RR is, a domain admin can add
 or remove servers without having to make any changes to the affected
 client applications.
 
 Thanks.
 Sandeep
 
 On Thu, Aug 12, 2010 at 6:04 PM, Scott Gifford 
sgiff...@suspectclass.comwrote:
  On Wed, Aug 11, 2010 at 11:36 PM, sandeep kiran p
  sandeepkir...@gmail.com
  
   wrote:
   [ ... ]
   
  Client would then blindly establish an SSL/TLS connection with that
  server and would end up handing over the user credentials to it. Note
  that, as part of the SSL handshake, the malicious serve would provide a
  certificate signed by the same CA that signed a genuine server
  certificate. Meaning to say, verification of the malicious server
  certificate would pass at the client. If you still want to know how, I
  can explain further. Also note that the malicious server is hosted on a
  machine with host name similar to the value of SubjectName's cn
  attribute of the certificate it offers.
  
  One possible solution would be to use OpenSSL's CA scripts to establish
  your own CA (the scripts make it fairly simple), and only accept
  certificates signed by your own CA.  You would need to install that CA
  public certificate as a trusted certificate in all the clients.  If this
  works for you, a nice bonus is that it saves money and time getting the
  certificates.
  
  Another would be to maintain a database of legitimate certificates or
  their fingerprints and only accept certificates with a matching
  fingerprint.  Of course, if you're going to maintain this database, you
  could just as well maintain the list of hosts locally and use that
  instead of DNS, which could be another solution.
  
  Hope this helps.
  
  --Scott.

-- 
Patrick Patterson
President and Chief PKI Architect,
Carillon Information Security Inc.
http://www.carillon.ca
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org

RE: SSL/TLS with server names picked from DNS

[Richardson, David]

Hi.
 
I'm not an expert, but I'm wondering if you used a Public/Private key
pair to replace the username/password login to your servers would it
help with your security.   If you can control the distribution of the
public key to restrict it to  your servers (where it is stored in the
user's file space, not the systems overall space) the compromise by the
intruder is downgraded from complete control of the account to a Denial
of Service.
 
I'm thinking of how Putty controls remote logins using a public and
private key pair rather than username/password.  As I understand it, the
public key is not transmitted during the authentication, it is only used
at the server end to set up the secure session.  [please correct me if
I'm wrong here!]
 
David Richardson.



From: owner-openssl-us...@openssl.org
[mailto:owner-openssl-us...@openssl.org] On Behalf Of sandeep kiran p
Sent: August 12, 2010 07:58
To: openssl-users@openssl.org
Subject: Re: SSL/TLS with server names picked from DNS


We dont have any control on how the server generates its certificates.
As said earlier, we only control the client portion of SSL/TLS. Sites
where our client application runs, is handed over the location where
trusted CA certs are stored and thats all we have.
 
Secondly, as you pointed out, if we were to maintain a list of
legitimate server certs, we could have as well maintained a list of
server names at the client. The advantage with using DNS SRV RR is, a
domain admin can add or remove servers without having to make any
changes to the affected client applications.
 
Thanks.
Sandeep
 

 
On Thu, Aug 12, 2010 at 6:04 PM, Scott Gifford
sgiff...@suspectclass.com wrote:


On Wed, Aug 11, 2010 at 11:36 PM, sandeep kiran p
sandeepkir...@gmail.com wrote: 
[ ... ] 

Client would then blindly establish an SSL/TLS
connection with that server and would end up handing over the user
credentials to it. Note that, as part of the SSL handshake, the
malicious serve would provide a certificate signed by the same CA that
signed a genuine server certificate. Meaning to say, verification of the
malicious server certificate would pass at the client. If you still want
to know how, I can explain further. Also note that the malicious server
is hosted on a machine with host name similar to the value of
SubjectName's cn attribute of the certificate it offers.


One possible solution would be to use OpenSSL's CA scripts to
establish your own CA (the scripts make it fairly simple), and only
accept certificates signed by your own CA.  You would need to install
that CA public certificate as a trusted certificate in all the clients.
If this works for you, a nice bonus is that it saves money and time
getting the certificates.

Another would be to maintain a database of legitimate
certificates or their fingerprints and only accept certificates with a
matching fingerprint.  Of course, if you're going to maintain this
database, you could just as well maintain the list of hosts locally and
use that instead of DNS, which could be another solution.

Hope this helps.

--Scott.

Looking for quick answer from you

[Long.Wei]

Hi! My Dear OpenSSL friends,

I am developing code to sign and verify the signature of a DLL or SO 
module/image by using the public key and hash scheme.

I got it work on Windows. Now I am coding the Linux part. I am looking for a 
set of functions from OpenSSL Crypto lib that make same or similar 
functionality of the following Windows Cryptography API functions:


-  CertCreateContext

-  CryptAcquireContext

-  CryptImportPublicKeyInfo

-  CryptCreateHash

-  ImageGetDigestStream

-  ImageGetCertificateData

-  CryptVerifySignature

Please make my favor and take couple of seconds of your time to get an answer 
for me.

Your help is greatly appreciated.

Best wishes,

Long Wei
425-806-4073

Re: My custom engine_finish method does not get called through ENGINE_finish

[Jeff Saremi]

 I fixed the problem. I'm listing it here in case someone else runs into
this:

In the loadEngine() I call ENGINE_set_default(). I have to the opposite
when unloading my engine.
Unfortunately, I could not find any ENGINE_unset_default() or
ENGINE_unregister_all() so I had to explicitly unregister my method
pointers. So my new unloadEngine looks like the following:

void unloadEngine(ENGINE *e)
{
ENGINE_unregister_pkey_asn1_meths(e);
ENGINE_unregister_pkey_meths(e);
ENGINE_unregister_RSA(e);

ENGINE_remove(e);
/* Release the functional reference from ENGINE_init() */
   ENGINE_finish(e);
/* Release the structural reference from ENGINE_by_id() */
ENGINE_free(e);
}


On 10-08-13 09:23 AM, Jeff Saremi wrote:
  I'm trying to use my custom engine however I cannot get it to clean up
 nicely.
 For the initialization i used the sample in openssl ENGINE(3) documentation.

 Here's how it goes:

 ENGINE *loadEngine()
 {
 ENGINE *e;
 e = ENGINE_by_id(MY_ENGINE_ID);
 if(!e)
 ENGINE_load_my();
 e = ENGINE_by_id(MY_ENGINE_ID); /* try again */
 if(!e)
 /* the engine isn't available */
 return NULL;
 if(!ENGINE_init(e)) {
 /* the engine couldn't initialise, release 'e' */
 ENGINE_free(e);
 return NULL;
 }
 ENGINE_set_default(e, ENGINE_METHOD_ALL);
 return e;
 }
 void unloadEngine(ENGINE *e)
 {
 /* Release the functional reference from ENGINE_init() */
 ENGINE_finish(e);
 /* Release the structural reference from ENGINE_by_id() */
 ENGINE_free(e);
 /* ENGINE_cleanup();  my engine_finish method does not get
 called unless I include this line */
 }
 void testKeyGen()
 {
/* some openssl initialization code such as loading ciphers,
 algorithms, existing engines, establishing dynamic locks and so on */

 ENGINE *e = loadEngine();
 ASSERT(e, could not create the engine\n);
 EVP_PKEY *pkey = NULL;
 genPKey(e, pkey); /* some calls to EVP_PKEY_CTX_new_id,
 EVP_PKEY_keygen and so on */
 ASSERT(pkey, could not generate PKEY\n);

 /* so far so good */
 if(pkey)
 EVP_PKEY_free(pkey);

 unloadEngine(e);
/* at the end of this I have unfreed memory (the dynamic lock I
 created in my engine because my_finish was not called */
 }

 And here's my engine initialization and deinit routines. I stepped
 through the code in ENGINE_finish() and realized that the following line
 (to_return = e-finish(e); ) does not get executed because apparently
 the ref count is not zero:

 * file openssl/crypto/engine/eng_init.c  **
 int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
 {
 if((e-funct_ref == 0)  e-finish)
 {
 if(unlock_for_handlers)
 CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
 to_return = e-finish(e);
 if(unlock_for_handlers)
 CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
 if(!to_return)
 return 0;
 ...
 }

 * continuation of my code -- my engine init routines  *

 static int my_init(ENGINE *e)
 {
 ERR_load_MY_strings();
 my_lock_id = CRYPTO_get_new_dynlockid();
 ...
 return 1;
 }
 static int my_finish(ENGINE *e)
 {
 ERR_unload_MY_strings();
 CRYPTO_destroy_dynlockid(my_lock_id);
 return 1;
 }
 static int bind_helper(ENGINE *e)
 {
 ...
 if (!ENGINE_set_id(e, MY_ENGINE_ID)
 || !ENGINE_set_name(e, MY_ENGINE_NAME)
 || !ENGINE_set_destroy_function(e, my_destroy)
 || !ENGINE_set_init_function(e, my_init)
 || !ENGINE_set_finish_function(e, my_finish)
 ...
 return 0;
 return 1;
 }
 static ENGINE *engine_my(void)
 {
 ENGINE *ret = ENGINE_new();
 if (!ret)
 return NULL;
 if (!bind_helper(ret))
 {
 ENGINE_free(ret);
 return NULL;
 }
 return ret;
 }
 void ENGINE_load_my(void)
 {
 ENGINE *toadd = engine_my();
 if (!toadd)
 return;
 ENGINE_add(toadd);
 ENGINE_free(toadd);
 ERR_clear_error();
 }





 This email contains Morega Systems Inc. Privileged and Confidential 
 information.



This email contains Morega Systems Inc. Privileged and Confidential information.

Re: Cipher selection

[Alex Chen]

The command 'openssl ciphers -v DEFAULT' gives the following ciphers:

DHE-RSA-AES256-SHA  SSLv3 Kx=DH   Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-DSS-AES256-SHA  SSLv3 Kx=DH   Au=DSS  Enc=AES(256)  Mac=SHA1
AES256-SHA  SSLv3 Kx=RSA  Au=RSA  Enc=AES(256)  Mac=SHA1
EDH-RSA-DES-CBC3-SHASSLv3 Kx=DH   Au=RSA  Enc=3DES(168) Mac=SHA1
EDH-DSS-DES-CBC3-SHASSLv3 Kx=DH   Au=DSS  Enc=3DES(168) Mac=SHA1
DES-CBC3-SHASSLv3 Kx=RSA  Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC3-MD5SSLv2 Kx=RSA  Au=RSA  Enc=3DES(168) Mac=MD5
DHE-RSA-AES128-SHA  SSLv3 Kx=DH   Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-DSS-AES128-SHA  SSLv3 Kx=DH   Au=DSS  Enc=AES(128)  Mac=SHA1
AES128-SHA  SSLv3 Kx=RSA  Au=RSA  Enc=AES(128)  Mac=SHA1
RC2-CBC-MD5 SSLv2 Kx=RSA  Au=RSA  Enc=RC2(128)  Mac=MD5
RC4-SHA SSLv3 Kx=RSA  Au=RSA  Enc=RC4(128)  Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA  Au=RSA  Enc=RC4(128)  Mac=MD5
RC4-MD5 SSLv2 Kx=RSA  Au=RSA  Enc=RC4(128)  Mac=MD5
EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH   Au=RSA  Enc=DES(56)   Mac=SHA1
EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH   Au=DSS  Enc=DES(56)   Mac=SHA1
DES-CBC-SHA SSLv3 Kx=RSA  Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-MD5 SSLv2 Kx=RSA  Au=RSA  Enc=DES(56)   Mac=MD5
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-EDH-DSS-DES-CBC-SHA SSLv3 Kx=DH(512)  Au=DSS  Enc=DES(40)   Mac=SHA1 export
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA  Enc=DES(40)   Mac=SHA1 export
EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC2-CBC-MD5 SSLv2 Kx=RSA(512) Au=RSA  Enc=RC2(40)   Mac=MD5  export
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
EXP-RC4-MD5 SSLv2 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export

Based on my limited understanding, an openssl client and server will do some 
'hello' handshaking and select a cipher supported by both and with the highest 
security, correct?
For people that uses openssl right out of the box and does not any special 
cipher selection, if we use the same version of openssl on both ends I assume 
the cipher used in the connection will be the first one,  DHE-RSA-AES256-SHA, 
right?

Alex

On Aug 12, 2010, at 7:15 AM, Michael S. Zick wrote:

 On Wed August 11 2010, Tim Cloud wrote:
 Let's pretend for a moment that an out of the box application uses openssl 
 to provide access not through a browser, but rather through a SOAP client 
 like Eclipse.
 And let's also say that you have no access to the code internal to that 
 application.
 Is there any other way to limit the ciphers?  
 Some kind of config file or a special way to compile the executable? 
 
 
 The quick answer: 
 cipher list is not limited by an external, run-time, config file.
 
 I am a bit confused by the limits to your question, the two parts:
 have no access to the code internal to that application
 and the:
 special way to compile the executable
 seem to conflict (at least in my mind).
 
 I suppose you know what you meant - I'll go with that assumption. ;-)
 
 The cipers that might be used are established by agreement between client and 
 server -
 Two ends at which control might be effected.
 
 Server end: (not mentioned in your limits) - remove the unwanted ciphers from 
 the openssl build.
 I.E: If the server doesn't have them, it can't offer them, and the client can 
 choose one of them.
 
 Client end: If the client uses the dynamic openssl libraries - just do the 
 same as above.
 
 Client end: If the I can't rebuild it part of the client was staticly 
 linked against the openssl
 libraries - then you will have to do a few handsprings -
 
 One possible choice - put a https (or other as required) proxy on your 
 gateway - edit the cipher
 lists offered by client and/or server on the fly.
 Note: Does not sound like fun to me.
 
 Mike
 
 From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] On 
 Behalf Of Kyle Hamilton [aerow...@gmail.com]
 Sent: Wednesday, August 11, 2010 9:11 PM
 To: openssl-users@openssl.org
 Cc: Alex Chen
 Subject: Re: Cipher selection
 
 No, OpenSSL chooses the cipher from the argument to
 SSL[_CTX]_set_cipher_list(3ssl) called on the SSL or the SSL_CTX structure.
 
 On 8/11/10 4:57 PM, Alex Chen wrote:
 Does openssl choose the cipher from the pem file? If so, which section of 
 the following pem file sets the cipher for communication?
 
 -
 CONFIDENTIALITY NOTICE
 This e-mail is intended for the sole use of the individual(s) to whom it is 
 addressed, and may contain information that is privileged, confidential and 
 exempt from disclosure under applicable law.  You are hereby notified that 
 any dissemination, duplication, or distribution of this 

Session Secrete Keys

[Sam Jantz]

To whom it may concern,

First I have to say that I am sorry for any lack of detail that I post
do to non disclosure agreements, and also I swear that I am not trying to do
anything malicious here.

That being said, I am looking for a way to recover the agreed upon
session secret key, and also the initialization vector that comes at the end
of the handshake.  I need to do this programmaticly, and relatively quickly.
 In my program I have the SSL session opbject, and can get at the Master
Key, but I'm a little confused at how the session secret is generated, and
when RSA vs. DH is used.  I've read everything I can get a hold of and am
still foggy as to just how this works.  I know that it has to happen
somewhere, but just can't figure out where.  If someone could more concisely
explain the session secret process to me, I would be eternally grateful.
All that being said, I look forward to whatever help you can provide.
 Thank you in advanced.

Also, before I forget, I found this (
http://marc.info/?l=openssl-devm=113831859919711) conversation that sounds
like a similar problem, but I couldn't find any information on how to use
the SSL_SESSION_get_ex_data() function (aside from the man page) as far in
as where the arguments would come from. Again, any help would be greatly
appreciated.

One humbled techno weenie,
 Sam
-- 
Sam Jantz
Software Engineer

1.0.0o no fallback to SSLv2?

[Stefan de Konink]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Hello,

I have a very odd problem with respect to my recent upgrade to 1.0.0;

In principle this is the problem:
openssl s_client -connect server.db.kvk.nl:443 -debug
CONNECTED(0003)
write to 0x1180ea0 [0x1180f20] (211 bytes = 211 (0xD3))
 - 16 03 01 00 ce 01 00 00-ca 03 01 4c 65 bf 5b ff   ...Le.[.
0010 - 27 e2 50 b0 2e 2a fa 72-e6 65 5d 36 9c e4 b4 d6   '.P..*.r.e]6
0020 - 97 f0 23 b8 a9 d3 5e 4f-d5 78 8d 00 00 5c c0 14   ..#...^O.x...\..
0030 - c0 0a 00 39 00 38 00 88-00 87 c0 0f c0 05 00 35   ...9.8.5
0040 - 00 84 c0 12 c0 08 00 16-00 13 c0 0d c0 03 00 0a   
0050 - c0 13 c0 09 00 33 00 32-00 9a 00 99 00 45 00 44   .3.2.E.D
0060 - c0 0e c0 04 00 2f 00 96-00 41 00 07 c0 11 c0 07   ./...A..
0070 - c0 0c c0 02 00 05 00 04-00 15 00 12 00 09 00 14   
0080 - 00 11 00 08 00 06 00 03-00 ff 02 01 00 00 44 00   ..D.
0090 - 0b 00 04 03 00 01 02 00-0a 00 34 00 32 00 01 00   ..4.2...
00a0 - 02 00 03 00 04 00 05 00-06 00 07 00 08 00 09 00   
00b0 - 0a 00 0b 00 0c 00 0d 00-0e 00 0f 00 10 00 11 00   
00c0 - 12 00 13 00 14 00 15 00-16 00 17 00 18 00 19 00   
00d0 - 23#
00d3 - SPACES/NULS
read from 0x1180ea0 [0x1186480] (7 bytes = 7 (0x7))
 - 15 03 01 00 02 02 32  ..2
140504236033704:error:1407741A:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1
alert decode error:s23_clnt.c:658:
- ---
no peer certificate available
- ---
No client certificate CA names sent
- ---
SSL handshake has read 7 bytes and written 211 bytes
- ---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
- ---



For some reason on systems with 0.9.8 this works. But fails for me, it
works for me if I manually specify -ssl2.

The site will have a downtime in the next 6 hours (some sort of daily
backup window), but I wonder if anyone can help me from the above log
pasted.


Yours Sincerely,

Stefan de Konink
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEAREKAAYFAkxlwRUACgkQYH1+F2Rqwn3qLACgkeKG6Y3bm9rH9cTD561dtVz3
8DgAn1KiWxJMWZb/Hv0kf7ezWLVJH/z7
=9jC3
-END PGP SIGNATURE-
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-users@openssl.org
Automated List Manager   majord...@openssl.org