RE: problem in ssl connection with server

2011-02-03 Thread Bhola Ray
Praveen,
 If you have followed the proper procedure, i.e.
 1) ./configure
 2) make
then s_client and s_server must work (it worked for me; I modified the code 
and was able to transmit a file from the client to the server).
Try the -msg option to see more details to figure out the handshaking etc.

#OPENSSL>s_client   -msg -connect 122.166.106.8:8000


regards,
bhola

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of praveen kumar
Sent: Thursday, February 03, 2011 12:13 AM
To: openssl-users@openssl.org
Subject: problem in ssl connection with server


Hi friend,

  This is K.A.Praveenkumar from India. I have a few queries regarding SSL. I got 
this problem when I try to establish a server connection through a public domain.
  My client has given me one IP and port (122.166.106.8:8000). I am using the 
openssl tool in Linux.

   Whenever I tried to connect with servers like Google
  #OPENSSL>s_client -connect www.google.com:443 

   I am getting one server certificate and the connection is also established. But 
the same command with the client IP and port 
  #OPENSSL>s_client -connect 122.166.106.8:8000
   
  
CONNECTED(0003)
3077588700:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:s23_clnt.c:674:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 113 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
error in s_client

 I got this error. They configured port 8000 for SSL, but still I can't get 
where the problem is.

 Can anyone help me find where the exact problem is?

  Thanks & regards
K.A.Praveenkumar
 Linkwell telesystems
   Hyderabad-india
__
OpenSSL Project http://www.openssl.org
User Support Mailing List   openssl-users@openssl.org
Automated List Manager   majord...@openssl.org



Re: [FWD] Apache 2.2.17 and OpenSSL 1.0.0c - Crash with SSLVirtualHost ServerName set.

2011-02-03 Thread Igor Galić

- "Lutz Jaenicke"  wrote:

> Forwarded to openssl-users for discussion.
> 
> Best regards,
>   Lutz
> 
> - Forwarded message from Ryan Wehrle  -
> 
> Date: Mon, 31 Jan 2011 03:40:12 -0600
> Subject: Apache 2.2.17 and OpenSSL 1.0.0c - Crash with SSLVirtualHost
>   ServerName set.
> From: Ryan Wehrle 
> To: openssl-b...@openssl.org
> 
> Essentially here are my results:
> In other browsers (IE/FF/Chrome):
> If I set the ServerName property to RFiles.org

ServerNames are domain names, and are case insensitive.


> (httpd.exe crashes because of ssleay32.dll from OpenSSL 1.0.0c)

Can you provide a trace of the crash?

What do your certificates look like?

-- 
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: i.ga...@brainsware.org
URL: http://brainsware.org/


[FWD] Apache 2.2.17 and OpenSSL 1.0.0c - Crash with SSLVirtualHost ServerName set.

2011-02-03 Thread Lutz Jaenicke
Forwarded to openssl-users for discussion.

Best regards,
Lutz

- Forwarded message from Ryan Wehrle  -

Date: Mon, 31 Jan 2011 03:40:12 -0600
Subject: Apache 2.2.17 and OpenSSL 1.0.0c - Crash with SSLVirtualHost
ServerName set.
From: Ryan Wehrle 
To: openssl-b...@openssl.org

Essentially here are my results:
In other browsers (IE/FF/Chrome):
If I set the ServerName property to RFiles.org
- then try to go to https://RFiles.org, apache will crash.
- then try to go to https://MilesMilitusCallidus.com, I can connect
perfectly fine.
If I set the ServerName property to MilesMilitusCallidus.com
- then try to go to https://MilesMilitusCallidus.com, apache will crash.
- then try to go to https://RFiles.org, I can connect perfectly fine.

In Opera 11.01:
If I set the ServerName property to RFiles.org
- then try to go to https://RFiles.org, apache will crash.
- then try to go to https://MilesMilitusCallidus.com, the page loads forever.
If I set the ServerName property to MilesMilitusCallidus.com
- then try to go to https://MilesMilitusCallidus.com, apache will crash.
- then try to go to https://RFiles.org, the page loads forever.
For some odd reason, apache/openssl doesn't like the ServerName
property under the SSL virtual host. If I set it, whatever the domain
is set to (for example rfiles.org), then type that domain in for https,
apache will crash.

(httpd.exe crashes because of ssleay32.dll from OpenSSL 1.0.0c)
The config that makes it crash (httpd-ssl.conf), then try to visit
"RFiles.org" since that is the property set for "ServerName":


-httpd-ssl.conf
Listen 443

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:Z:/Apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
SSLMutex default
TraceEnable Off


DocumentRoot "Z:/Apache/_MilesMilitusCallidus.com_SSL"
ServerName RFiles.org
ServerAdmin cae...@milesmilituscallidus.com
ErrorLog "Z:/Apache/logs/_MilesMilitusCallidus.com_SSL/error_ssl.log"
TransferLog "Z:/Apache/logs/_MilesMilitusCallidus.com_SSL/access_ssl.log"
LogLevel debug

SSLEngine on

SSLProtocol -All +SSLv3 +TLSv1
#SSLCipherSuite HIGH:MEDIUM
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

SSLCertificateFile "Z:/Apache/conf/_OpenSSL/_SSL/certs/mmc.com-cert.pem"
SSLCertificateKeyFile "Z:/Apache/conf/_OpenSSL/_SSL/pkeys/mmc.com-key.pem"
SSLCACertificateFile "Z:/Apache/conf/_OpenSSL/_SSL/certs/ca-RFiles.org-cert.pem"
SSLCARevocationFile "Z:/Apache/conf/_OpenSSL/_SSL/crl/ca-RFiles.org-crl.pem"


SSLOptions +StdEnvVars


SSLOptions +StdEnvVars


BrowserMatch ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0

CustomLog "Z:/Apache/logs/_MilesMilitusCallidus.com_SSL/ssl_request.log" \
  "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



- End forwarded message -
--
Lutz Jaenicke   jaeni...@openssl.org
OpenSSL Project http://www.openssl.org/~jaenicke/


Re: problem in ssl connection with server

2011-02-03 Thread David Schwartz

On 2/2/2011 9:13 PM, praveen kumar wrote:


> I got this error. They configured port 8000 for SSL, but still I can't get 
> where the problem is.
>
> Can anyone help me find where the exact problem is?


Their server doesn't correctly support SSL negotiation. You can make it 
work by disabling TLS1 negotiation. With s_client, use the '-no_tls1' flag.


DS
