Re: [openssl-users] a problem connecting to a specific Site ...
On 03/11/2018 08:56, Walter H. wrote: Hello, it is a little bitte weird/strange/complicated; On 02.11.2018 23:05, Matt Caswell wrote: On 02/11/2018 21:51, Walter H. wrote: Hello, when I try to connect tohttps://www.3bg.at/ I get the following error Handshake with SSL server failed: error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message but https://www.ssllabs.com/ssltest/analyze.html?d=www.3bg.at says its ok ... is the problem on my side or on their side? You'll need to give us more information. I can connect to that server using OpenSSL 1.0.2 s_client. What version of OpenSSL are you using? Is this with your own application or from s_client? What ciphersuites have you configured? Any other relevant configuration that we should know about? the mentioned error comes with squid - ssl-bump on; in case I switch it off and have it as normal proxy, then is really suspisious: - an old Firefox (17.0.11esr) has no problems, the Sites is shown and works - an older Google Chrome (the last one f. WinXP, v46) gives: SSL connection error ERR_SSL_PROTOCOL_ERROR - a fork of the latest Pale Moon (Mypal) and an old Palemoon itself (the last one f. WinXP) gives: An error occurred during a connection to www.3bg.at. Peer’s certificate has an invalid signature. (Error code: SEC_ERROR_BAD_SIGNATURE) what is this strange? but what does this mean at the mentioned SSLlabs result: Certificate Transparency No when I compare to any other site (e.g. my own with Let's encrypt certificate), I get Certificate Transparency *Yes (certificate)* is this caused on my side or on the other side? Certificate Transparency means that the CA that issued the certificate also published it using a Google-promoted protocol to provide "Transparency" for the certificate issuing industry, at the cost of customer privacy. Chrome Browser now (or soon) punishes websites that whose certificate was not published that way, making it a relevant test for web server operators wanting to check that everything will work in all browsers. Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] a problem connecting to a specific Site ...
Hello, it is a little bitte weird/strange/complicated; On 02.11.2018 23:05, Matt Caswell wrote: On 02/11/2018 21:51, Walter H. wrote: Hello, when I try to connect to https://www.3bg.at/ I get the following error Handshake with SSL server failed: error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message but https://www.ssllabs.com/ssltest/analyze.html?d=www.3bg.at says its ok ... is the problem on my side or on their side? You'll need to give us more information. I can connect to that server using OpenSSL 1.0.2 s_client. What version of OpenSSL are you using? Is this with your own application or from s_client? What ciphersuites have you configured? Any other relevant configuration that we should know about? the mentioned error comes with squid - ssl-bump on; in case I switch it off and have it as normal proxy, then is really suspisious: - an old Firefox (17.0.11esr) has no problems, the Sites is shown and works - an older Google Chrome (the last one f. WinXP, v46) gives: SSL connection error ERR_SSL_PROTOCOL_ERROR - a fork of the latest Pale Moon (Mypal) and an old Palemoon itself (the last one f. WinXP) gives: An error occurred during a connection to www.3bg.at. Peer's certificate has an invalid signature. (Error code: SEC_ERROR_BAD_SIGNATURE) what is this strange? but what does this mean at the mentioned SSLlabs result: Certificate Transparency No when I compare to any other site (e.g. my own with Let's encrypt certificate), I get Certificate Transparency *Yes (certificate)* is this caused on my side or on the other side? Thanks, Walter smime.p7s Description: S/MIME Cryptographic Signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] a problem connecting to a specific Site ...
On 02/11/2018 21:51, Walter H. wrote: > Hello, > > when I try to connect to https://www.3bg.at/ > I get the following error > > Handshake with SSL server failed: error:1408E0F4:SSL > routines:SSL3_GET_MESSAGE:unexpected message > > but > https://www.ssllabs.com/ssltest/analyze.html?d=www.3bg.at > says its ok ... > > is the problem on my side or on their side? You'll need to give us more information. I can connect to that server using OpenSSL 1.0.2 s_client. What version of OpenSSL are you using? Is this with your own application or from s_client? What ciphersuites have you configured? Any other relevant configuration that we should know about? Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
[openssl-users] a problem connecting to a specific Site ...
Hello, when I try to connect to https://www.3bg.at/ I get the following error Handshake with SSL server failed: error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message but https://www.ssllabs.com/ssltest/analyze.html?d=www.3bg.at says its ok ... is the problem on my side or on their side? Thanks, Walter smime.p7s Description: S/MIME Cryptographic Signature -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users