RE: problem in ssl connection with server
Praveen,

If you have followed the proper procedure, i.e.
1) ./configure
2) make
then s_client and s_server must work (it worked for me; I modified the code and was able to transmit a file from the client to the server).

Try the -msg option to see more details to figure out the handshaking etc.

#OPENSSL>s_client -msg -connect 122.166.106.8:8000

regards,
bhola

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of praveen kumar
Sent: Thursday, February 03, 2011 12:13 AM
To: openssl-users@openssl.org
Subject: problem in ssl connection with server

Hi friend,

This is K.A.Praveenkumar from India. I have a few queries regarding SSL. I got this problem when I try to establish a server connection through a public domain. My client gave me one IP and port (122.166.106.8:8000). I am using the openssl tool in Linux. Whenever I tried to connect to servers like Google

#OPENSSL>s_client -connect www.google.com:443

I get a server certificate and the connection is also established. But the same command with the client IP and port

#OPENSSL>s_client -connect 122.166.106.8:8000
CONNECTED(0003)
3077588700:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:s23_clnt.c:674:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 113 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
error in s_client

I got this error. They configured port 8000 for SSL, but I still can't find where the problem is. Can anyone help me find where the exact problem is?

Thanks & regards
K.A.Praveenkumar
Linkwell telesystems
Hyderabad-india

__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: [FWD] Apache 2.2.17 and OpenSSL 1.0.0c - Crash with SSLVirtualHost ServerName set.
----- "Lutz Jaenicke" wrote:

> Forwarded to openssl-users for discussion.
>
> Best regards,
> Lutz
>
> ----- Forwarded message from Ryan Wehrle -----
>
> Date: Mon, 31 Jan 2011 03:40:12 -0600
> Subject: Apache 2.2.17 and OpenSSL 1.0.0c - Crash with SSLVirtualHost ServerName set.
> From: Ryan Wehrle
> To: openssl-b...@openssl.org
>
> Essentially here are my results:
> In other browsers (IE/FF/Chrome):
> If I set the ServerName property to RFiles.org

ServerNames are domain names and are case insensitive.

> (httpd.exe crashes because of ssleay32.dll from OpenSSL 1.0.0c)

Can you provide a trace of the crash?
What do your certificates look like?

i

--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/
[FWD] Apache 2.2.17 and OpenSSL 1.0.0c - Crash with SSLVirtualHost ServerName set.
Forwarded to openssl-users for discussion.

Best regards,
Lutz

----- Forwarded message from Ryan Wehrle -----

Date: Mon, 31 Jan 2011 03:40:12 -0600
Subject: Apache 2.2.17 and OpenSSL 1.0.0c - Crash with SSLVirtualHost ServerName set.
From: Ryan Wehrle
To: openssl-b...@openssl.org

Essentially here are my results:

In other browsers (IE/FF/Chrome):

If I set the ServerName property to RFiles.org
- then try to go to https://RFiles.org, apache will crash.
- then try to go to https://MilesMilitusCallidus.com, I can connect perfectly fine.

If I set the ServerName property to MilesMilitusCallidus.com
- then try to go to https://MilesMilitusCallidus.com, apache will crash.
- then try to go to https://RFiles.org, I can connect perfectly fine.

In Opera 11.01:

If I set the ServerName property to RFiles.org
- then try to go to https://RFiles.org, apache will crash.
- then try to go to https://MilesMilitusCallidus.com, the page loads forever.

If I set the ServerName property to MilesMilitusCallidus.com
- then try to go to https://MilesMilitusCallidus.com, apache will crash.
- then try to go to https://RFiles.org, the page loads forever.

For some odd reason, apache/openssl doesn't like the ServerName property under the SSL virtual host. If I set it, whatever the domain is set to (example rfiles.org), then type that domain in for https, apache will crash.
(httpd.exe crashes because of ssleay32.dll from OpenSSL 1.0.0c)

The config that makes it crash (httpd-ssl.conf), then try to visit "RFiles.org" since that is the property set for "ServerName":

----- httpd-ssl.conf -----
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:Z:/Apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300
SSLMutex default
TraceEnable Off
DocumentRoot "Z:/Apache/_MilesMilitusCallidus.com_SSL"
ServerName RFiles.org
ServerAdmin cae...@milesmilituscallidus.com
ErrorLog "Z:/Apache/logs/_MilesMilitusCallidus.com_SSL/error_ssl.log"
TransferLog "Z:/Apache/logs/_MilesMilitusCallidus.com_SSL/access_ssl.log"
LogLevel debug
SSLEngine on
SSLProtocol -All +SSLv3 +TLSv1
#SSLCipherSuite HIGH:MEDIUM
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "Z:/Apache/conf/_OpenSSL/_SSL/certs/mmc.com-cert.pem"
SSLCertificateKeyFile "Z:/Apache/conf/_OpenSSL/_SSL/pkeys/mmc.com-key.pem"
SSLCACertificateFile "Z:/Apache/conf/_OpenSSL/_SSL/certs/ca-RFiles.org-cert.pem"
SSLCARevocationFile "Z:/Apache/conf/_OpenSSL/_SSL/crl/ca-RFiles.org-crl.pem"
SSLOptions +StdEnvVars
SSLOptions +StdEnvVars
BrowserMatch ".*MSIE.*" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
CustomLog "Z:/Apache/logs/_MilesMilitusCallidus.com_SSL/ssl_request.log" \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

----- End forwarded message -----

--
Lutz Jaenicke jaeni...@openssl.org
OpenSSL Project http://www.openssl.org/~jaenicke/
Re: problem in ssl connection with server
On 2/2/2011 9:13 PM, praveen kumar wrote:

> I got this error. They configured port 8000 for SSL, but I still can't
> find where the problem is. Can anyone help me find where the exact
> problem is?

Their server doesn't correctly support SSL negotiation. You can make it work by disabling TLS1 negotiation. With s_client, use the '-no_tls1' flag.

DS
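
Added example, not part of any message in this thread: the failed s_client run in the original question carries two decodable clues, the packed error code 140773F2 and the 7 bytes read before the handshake stopped. The Python below unpacks the code using the OpenSSL 1.0.x layout (8-bit library, 12-bit function, 12-bit reason) and parses a 7-byte alert record; the sample record is constructed, and its version and level bytes are assumptions because the actual bytes were not posted.

```python
import struct

# Alert descriptions defined by SSL 3.0 / TLS 1.0 (subset).
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 70: "protocol_version"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0"}
ALERT_REASON_OFFSET = 1000  # OpenSSL reports a peer alert as 1000 + description


def decode_openssl_error(code_hex):
    """Split a packed OpenSSL 1.0.x error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF


def alert_from_reason(reason):
    """Return the peer alert name behind a reason code, or None."""
    return ALERT_DESCRIPTIONS.get(reason - ALERT_REASON_OFFSET)


def parse_alert_record(data):
    """Parse one unencrypted alert record: 5-byte header plus 2-byte body."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype != 21:  # 21 is the alert content type
        raise ValueError("not an alert record (content type %d)" % ctype)
    body = data[5:5 + length]
    if length != 2 or len(body) != 2:
        raise ValueError("plaintext alert body must be exactly 2 bytes")
    level, desc = body
    return {
        "version": VERSIONS.get((major, minor), "%d.%d" % (major, minor)),
        "level": ALERT_LEVELS.get(level, "unknown(%d)" % level),
        "description": ALERT_DESCRIPTIONS.get(desc, "unknown(%d)" % desc),
        "record_bytes": 5 + length,
    }


# Constructed sample (assumed SSLv3, fatal); not captured from the server.
SAMPLE_RECORD = bytes.fromhex("1503000002020a")

if __name__ == "__main__":
    lib, func, reason = decode_openssl_error("140773F2")
    # lib 20 is the SSL library; reason 1010 is alert 10 plus the offset.
    print(lib, func, reason, alert_from_reason(reason))
    print(parse_alert_record(SAMPLE_RECORD))
```

A single alert record accounts for all 7 bytes read, so the server answered the ClientHello with an alert and sent no ServerHello or certificate.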