Re: SSL error: no cipher list
> See if you can connect to the server using the s_client test program. For
> example:
>
> openssl s_client -connect hostname:995
>
> (use whatever port it uses for POP3+SSL, 995 is standard).

Output from 'openssl s_client' follows:

[EMAIL PROTECTED] /]# openssl s_client -connect ipostoffice.worldnet.att.net:995
CONNECTED(0005)
depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
 0 s:/C=US/ST=New Jersey/L=Middletown/O=ATT/OU=WorldNet/CN=ipostoffice.worldnet.att.net
   i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
 1 s:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
   i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
---
Server certificate
subject=/C=US/ST=New Jersey/L=Middletown/O=ATT/OU=WorldNet/CN=ipostoffice.worldnet.att.net
issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
---
No client certificate CA names sent
---
SSL handshake has read 1692 bytes and written 310 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Cipher    : RC4-SHA
    Session-ID: 227FD6BC3D6953F53EFB198EEC8B2280349FF1BB5D41CDC9E8260CEF3C5C8177
    Session-ID-ctx:
    Master-Key: 917594C0A1347D67F83D554B1A35A77A39166F7152B71BD306BBF84C483C5D842FE561021BD6B782E032552F40A54392
    Key-Arg   : None
    Start Time: 1106569919
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
+OK [EMAIL PROTECTED] (mtiwpxc03) Maillennium POP3/PROXY server #2

and after that I can enter POP3 commands.

----- Original Message -----
From: Dr. Stephen Henson [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Saturday, January 22, 2005 2:19 PM
Subject: Re: SSL error: no cipher list

On Sat, Jan 22, 2005, Yuriy Synov wrote:

> > Not sure if you have set it or not. If not, you can try the following
> > example:
> >
> > #define CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
> > SSL_CTX_set_cipher_list(ctx, CIPHER_LIST);
>
> I tried to set that cipher list, and now I get the following error:
>
> error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available
>
> I also tried ALL and some other cipher lists, and I always get one of these
> errors:
>
> 1) error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available
> 2) error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list
>
> Microsoft Outlook Express 6.0 and Nokia 9500 smartphone messaging client do
> work with the POP3 server that causes the trouble. Is it possible that the
> server does not conform to SSL standards, and these softwares ignore it, but
> the OpenSSL library is more strict?

See if you can connect to the server using the s_client test program. For
example:

openssl s_client -connect hostname:995

(use whatever port it uses for POP3+SSL, 995 is standard).

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: SSL error: no cipher list
On Mon, Jan 24, 2005, Yuriy Synov wrote:

> > See if you can connect to the server using the s_client test program. For
> > example:
> >
> > openssl s_client -connect hostname:995
> >
> > (use whatever port it uses for POP3+SSL, 995 is standard).
>
> Output from 'openssl s_client' follows:
>
> [EMAIL PROTECTED] /]# openssl s_client -connect ipostoffice.worldnet.att.net:995
> CONNECTED(0005)
> depth=1 /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
> verify error:num=19:self signed certificate in certificate chain
> verify return:0
> No client certificate CA names sent
> ---
> +OK [EMAIL PROTECTED] (mtiwpxc03) Maillennium POP3/PROXY server #2
>
> and after that I can enter POP3 commands.

That shows that the server is OK and OpenSSL can communicate with it properly.
There must be a bug in your program somewhere.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
Re: SSL error: no cipher list
In fact I'm not using OpenSSL library directly. I use an open source library
Indy which in turn makes use of OpenSSL. I discovered that POP3 servers that
use DES-CBC3-SHA work correctly with my program, and the server that fails
uses RC4-SHA. I got what you had said about Diffie-Hellman parameters, but it
means that I will need to modify Indy (the lib I'm using) which is not a very
simple task. I will report to this list if I get any positive results.

----- Original Message -----
From: mclellan, dave [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Sunday, January 23, 2005 3:12 PM
Subject: RE: SSL error: no cipher list

On my first SSL implementation, I struggled with this specific error. The
Diffie-Hellman parameters for key exchange must be initialized, and if I
remember correctly they weren't in my case. You must set up a callback to your
code where it initializes DH parms. Call SSL_CTX_set_tmp_dh_callback to
establish your callback. In order to see what to do inside it, visit the
www.openssl.org/docs/ssl/ssl.html. There's an example here:
http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html#

I hope this doesn't steer you off the course.

Dave McLellan - Consulting Software Engineer
EMC Corporation
228 South St.
Hopkinton MA 01748
phone: 508-249-1257
fax 508-497-8030

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Henry Su
Sent: Friday, January 21, 2005 3:11 PM
To: openssl-users@openssl.org
Subject: RE: SSL error: no cipher list

Not sure if you have set it or not. If not, you can try the following example:

#define CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
SSL_CTX_set_cipher_list(ctx, CIPHER_LIST);

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Yuriy Synov
Sent: Friday, January 21, 2005 6:15 AM
To: openssl
Subject: SSL error: no cipher list

Dear All,

I get this error with one POP3 server when I call function SSL_connect:

error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list

Could someone tell me what it means and how I can get rid of it? TIA

Best regards,
Yuriy Synov.
Re: SSL error: no cipher list
On Mon, Jan 24, 2005, Yuriy Synov wrote:

> In fact I'm not using OpenSSL library directly. I use an open source library
> Indy which in turn makes use of OpenSSL. I discovered that POP3 servers that
> use DES-CBC3-SHA work correctly with my program, and the server that fails
> uses RC4-SHA. I got what you had said about Diffie-Hellman parameters, but it
> means that I will need to modify Indy (the lib I'm using) which is not a very
> simple task. I will report to this list if I get any positive results.

DH parameters are set on the server so this will make no difference.

You can try using OpenSSL s_server as a test and connecting to it using your
program. The -cipher option can be used to restrict the ciphers available to
see if that's the problem.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
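
The check below is an added example, not part of the thread and not Indy or OpenSSL project code. It uses Python's ssl module (a wrapper over the local OpenSSL) to expand a cipher string as SSL_CTX_set_cipher_list would and to report whether a given server cipher, such as the RC4-SHA seen in the s_client output, is among the ciphers the client would offer; the function names are hypothetical and the results depend on the local OpenSSL build.

```python
import ssl

# Cipher string suggested in the thread.
THREAD_CIPHER_LIST = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"


def expand_cipher_list(spec):
    """Return the pre-TLS-1.3 cipher names the local OpenSSL enables for spec.

    An empty list means the string matched nothing, so a client configured
    with it would have no ciphers to put in its ClientHello.
    (Hypothetical helper name, added for this example.)
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        # OpenSSL rejected the string or nothing in this build matched it.
        return []
    # TLS 1.3 suites are configured separately from this string; skip them.
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def diagnose(client_spec, server_cipher):
    """Classify why a client using client_spec may fail against server_cipher."""
    offered = expand_cipher_list(client_spec)
    if not offered:
        return "client-empty"               # nothing to offer at all
    if server_cipher not in offered:
        return "server-cipher-not-offered"  # no overlap with the server's cipher
    return "ok"


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    # The two ciphers named in the thread; whether they are available
    # depends on how the local OpenSSL was built.
    for cipher in ("RC4-SHA", "DES-CBC3-SHA"):
        print(cipher, "->", diagnose(THREAD_CIPHER_LIST, cipher))
```
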
RE: SSL error: no cipher list
On my first SSL implementation, I struggled with this specific error. The
Diffie-Hellman parameters for key exchange must be initialized, and if I
remember correctly they weren't in my case. You must set up a callback to your
code where it initializes DH parms. Call SSL_CTX_set_tmp_dh_callback to
establish your callback. In order to see what to do inside it, visit the
www.openssl.org/docs/ssl/ssl.html. There's an example here:
http://www.openssl.org/docs/ssl/SSL_CTX_set_tmp_dh_callback.html#

I hope this doesn't steer you off the course.

Dave McLellan - Consulting Software Engineer
EMC Corporation
228 South St.
Hopkinton MA 01748
phone: 508-249-1257
fax 508-497-8030

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Henry Su
Sent: Friday, January 21, 2005 3:11 PM
To: openssl-users@openssl.org
Subject: RE: SSL error: no cipher list

Not sure if you have set it or not. If not, you can try the following example:

#define CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
SSL_CTX_set_cipher_list(ctx, CIPHER_LIST);

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Yuriy Synov
Sent: Friday, January 21, 2005 6:15 AM
To: openssl
Subject: SSL error: no cipher list

Dear All,

I get this error with one POP3 server when I call function SSL_connect:

error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list

Could someone tell me what it means and how I can get rid of it? TIA

Best regards,
Yuriy Synov.
Re: SSL error: no cipher list
> Not sure if you have set it or not. If not, you can try the following
> example:
>
> #define CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
> SSL_CTX_set_cipher_list(ctx, CIPHER_LIST);

I tried to set that cipher list, and now I get the following error:

error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available

I also tried ALL and some other cipher lists, and I always get one of these
errors:

1) error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available
2) error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list

Microsoft Outlook Express 6.0 and Nokia 9500 smartphone messaging client do
work with the POP3 server that causes the trouble. Is it possible that the
server does not conform to SSL standards, and these softwares ignore it, but
the OpenSSL library is more strict?

----- Original Message -----
From: Henry Su [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Friday, January 21, 2005 10:10 PM
Subject: RE: SSL error: no cipher list

Not sure if you have set it or not. If not, you can try the following example:

#define CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
SSL_CTX_set_cipher_list(ctx, CIPHER_LIST);

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Yuriy Synov
Sent: Friday, January 21, 2005 6:15 AM
To: openssl
Subject: SSL error: no cipher list

Dear All,

I get this error with one POP3 server when I call function SSL_connect:

error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list

Could someone tell me what it means and how I can get rid of it? TIA

Best regards,
Yuriy Synov.
Re: SSL error: no cipher list
On Sat, Jan 22, 2005, Yuriy Synov wrote:

> > Not sure if you have set it or not. If not, you can try the following
> > example:
> >
> > #define CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
> > SSL_CTX_set_cipher_list(ctx, CIPHER_LIST);
>
> I tried to set that cipher list, and now I get the following error:
>
> error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available
>
> I also tried ALL and some other cipher lists, and I always get one of these
> errors:
>
> 1) error:140650B5:SSL routines:CLIENT_HELLO:no ciphers available
> 2) error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list
>
> Microsoft Outlook Express 6.0 and Nokia 9500 smartphone messaging client do
> work with the POP3 server that causes the trouble. Is it possible that the
> server does not conform to SSL standards, and these softwares ignore it, but
> the OpenSSL library is more strict?

See if you can connect to the server using the s_client test program. For
example:

openssl s_client -connect hostname:995

(use whatever port it uses for POP3+SSL, 995 is standard).

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
RE: SSL error: no cipher list
Not sure if you have set it or not. If not, you can try the following example:

#define CIPHER_LIST "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
SSL_CTX_set_cipher_list(ctx, CIPHER_LIST);

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Yuriy Synov
Sent: Friday, January 21, 2005 6:15 AM
To: openssl
Subject: SSL error: no cipher list

Dear All,

I get this error with one POP3 server when I call function SSL_connect:

error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list

Could someone tell me what it means and how I can get rid of it? TIA

Best regards,
Yuriy Synov.