RE: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-12 Thread Ben Arnold
From: Dave Thompson Yes, the server has a custom root cert that isn't installed on this machine. I am happy that the server cert is correct. For testing that's okay, but I hope in real use you are verifying. Otherwise an active attacker may be able to MITM your connections. Production

RE: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-10 Thread Dave Thompson
From: owner-openssl-users On Behalf Of Ben Arnold Sent: Friday, November 08, 2013 10:45 snip I have tried using s_client and it fails with the same handshake failure. Please see below. Attaching a PCAP file of the traffic is much more useful than hex packet dumps. You're right of

RE: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-08 Thread Ben Arnold
From: Viktor Dukhovni You can test with s_client(1) and compare results. Is your client certificate an RSA certificate? How many bits of public key? Is its signature SHA1 or SHA256? It's a 2048 bit RSA SHA1 certificate, but I think Dave Thompson's right and it's not getting that far.

Re: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-07 Thread Viktor Dukhovni
On Thu, Nov 07, 2013 at 12:29:13PM +, Ben Arnold wrote: I am using SSL_CTX_set_client_cert_cb to provide the client certificate when needed. I have a problem in that OpenSSL 1.0.1e does not trigger this callback for all websites that I expect it to, only some. Instead on the failing

RE: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-07 Thread Dave Thompson
From: owner-openssl-users On Behalf Of Viktor Dukhovni Sent: Thursday, November 07, 2013 11:02 On Thu, Nov 07, 2013 at 12:29:13PM +, Ben Arnold wrote: I am using SSL_CTX_set_client_cert_cb to provide the client certificate when needed. I have a problem in that OpenSSL 1.0.1e does

RE: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-07 Thread Krzysztof Kwiatkowski
Do you still see an error if you specify one cipher? f.e. AES256-SHA? On 2013-11-07 22:26, Dave Thompson wrote: From: owner-openssl-users On Behalf Of Viktor Dukhovni Sent: Thursday, November 07, 2013 11:02 On Thu, Nov 07, 2013 at 12:29:13PM +, Ben Arnold wrote: I am using

Re: ssl handshake with multiple tcp connect?

2011-08-26 Thread David Schwartz
On 8/25/2011 6:04 AM, Arjan Filius wrote: Hello, today I ran into a situation, where I notice firefox/chrome and gnutls-cli use 3 tcp sessions to get a single ssl session, where openssl s_client takes only one. One tcp session is what I expect, and I hope someone may have an explanation.

Re: ssl handshake with multiple tcp connect?

2011-08-26 Thread Arjan Filius
Hello David, thanks for your reply, and that's correct. That was it for gnutls-cli. After a confusing day, one of the original items triggered my firefox browser, I thought reproduced with gnutls-cli. In the end it was a simple favicon issue, which kept connecting (no cache). regards, On Thu,

Re: SSL handshake failure

2010-11-14 Thread Dr. Stephen Henson
On Sun, Nov 14, 2010, Timur Elzhov wrote: Hi, openssl experts! It's required to transfer data to Apple Push service that is located at gateway.sandbox.push.apple.com:2195. I'm given the certificate and private key both included in Certificate_and_key.pem. Trying to connect: $ openssl

Re: SSL handshake pb

2007-11-21 Thread jfhuynh
Selon Marek Marcola [EMAIL PROTECTED]: Thank you very much for the response .. Hello, I try to connect a client to an SSL server in SSL 3.0 mode. I do not achieve to have the SSL connexion. When I look at the IP streams, I can see the Hello client message and the handshake phase during

Re: SSL handshake pb

2007-11-20 Thread Marek Marcola
Hello, I try to connect a client to an SSL server in SSL 3.0 mode. I do not achieve to have the SSL connexion. When I look at the IP streams, I can see the Hello client message and the handshake phase during which I see the certificate sent by the server to the client ( during this phase, I

Re: SSL handshake problem.

2007-10-10 Thread Sukanta Panigrahi
I have a basic question here: Is it mandatory to have the server configured with ciphers/certificates for SSL handshake? Thanks / Sukant Alex Lam wrote: Hi Alessandro, You will need to set up a handful of cipher certificate related settings before server and client will join. I suggest

Re: SSL handshake problem.

2007-10-10 Thread jimmy bahuleyan
Sukanta Panigrahi wrote: I have a basic question here: Is it mandatory to have the server configured with ciphers/certificates for SSL handshake? Thanks / Sukant well, ciphers - yes. If you don't do it, openssl gives you a default cipher list. certificates - not all the time. If you're

Re: SSL handshake problem.

2007-10-09 Thread Frans de Boer
Unless someone recognizes the text, it might be helpful if you tell a little more about the server and client side. frans. On Wed, 2007-10-10 at 00:09 +0200, Alessandro Baggi wrote: I'm trying to make a client/server application with ssl connection but the handshake doesn't work. Reading

Re: SSL handshake problem.

2007-10-09 Thread Alex Lam
Hi Alessandro, You will need to set up a handful of cipher certificate related settings before server and client will join. I suggest you take a look at the apps/s_server.c and apps/s_client.c regards, alex On 10/9/07, Alessandro Baggi [EMAIL PROTECTED] wrote: I'm trying to make a

Re: SSL handshake failed - 14090086 and 14095412

2007-02-28 Thread Julius Davies
If you wouldn't mind moving over to not-yet-common-ssl mailing list (SSL and Java) I might be able to help you over there: http://lists.juliusdavies.ca/listinfo.cgi/not-yet-commons-ssl-juliusdavies.ca/ To me it looks like you are missing a client certificate. Try using java -jar

Re: SSL handshake failed

2005-04-18 Thread Asif Iqbal
On Sun, Apr 17, 2005 at 10:53:50PM, Asif Iqbal wrote: Hi All I installed Apache/1.3.33 (Unix) mod_perl/1.29 mod_ssl/2.8.22 OpenSSL/0.9.7d on Solaris Upgrade OpenSSL to latest to fix the problem. Thanks -- Asif Iqbal PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu ..there are two kinds of

RE: SSL Handshake

2004-06-18 Thread Saju Paul
Check 'Network Security with OpenSSL' by John Viega, Matt Messier and Pravir Chandra -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Madhuri Rambhatla Sent: Friday, June 18, 2004 10:14 AM To: [EMAIL PROTECTED] Subject: SSL Handshake Hi, I am trying to

RE: SSL Handshake Failure !

2001-10-04 Thread Steve Quirk
I don't have the specific code, but it's not that much. I take it that you're issuing your own certs with the acceptable client ip in the subjectAltName - you might want to allow a range. I have similar code but not for this purpose, so let's see if I can put them together. My code looks at the

Re: SSL Handshake Failure !

2001-10-04 Thread Dr S N Henson
Andy Schneider wrote: Does anyone have any canned code I could steal that does IP address validation. I.e. grabs the IP address from the alt subject name and compares it against the IP of the incoming socket? No I don't. But in outline you need to extract and decode the subject alt name

RE: ssl handshake state

2001-07-13 Thread Zhong Chen
Anybody can explain me these SSL3_MT_* state? Thanks. -Zhong -Original Message- From: Zhong Chen Sent: Wednesday, July 11, 2001 11:13 AM To: [EMAIL PROTECTED] Subject: ssl handshake state In the ssl state machine, there are additional state with prefix _MT_. Is this for

Re: SSL handshake error

1999-09-23 Thread Bodo Moeller
On Thu, Sep 23, 1999 at 03:17:32PM +0200, Goetz Babin-Ebell wrote: In OpenSSL 0.9.3a I get the following handshake error: (WindowsNT) Logging from my program SSL_connct: 11 to Host before/connect initialization SSL_connct: 11 to Host SSLv3 write client hello A SSL_read : 11 to Host SSL3