RE: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-12 Thread Ben Arnold
> From: Dave Thompson > > > > Yes, the server has a custom root cert that isn't installed on this > machine. I am happy that the server cert is correct. > > > For testing that's okay, but I hope in real use you are verifying. > Otherwise an active attacker may be able to MITM your connections. Pr

RE: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-10 Thread Dave Thompson
> From: owner-openssl-users On Behalf Of Ben Arnold > Sent: Friday, November 08, 2013 10:45 > I have tried using s_client and it fails with the same handshake failure. Please > see below. > > > > Attaching a PCAP file of the traffic is much more useful than hex packet > > dumps. > > You're righ

RE: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-08 Thread Ben Arnold
> From: Viktor Dukhovni > > You can test with s_client(1) and compare results. Is your client > certificate an > RSA certificate? How many bits of public key? Is its signature SHA1 or > SHA256? It's a 2048 bit RSA SHA1 certificate, but I think Dave Thompson's right and it's not getting that f

RE: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-07 Thread Krzysztof Kwiatkowski
ing SSL_CTX_set_client_cert_cb to provide the client > certificate when needed. I have a problem in that OpenSSL 1.0.1e > does not trigger this callback for all websites that I expect it > to, only some. Instead on the failing sites there is an SSL > handshake failure after the client veri

RE: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-07 Thread Dave Thompson
m in that OpenSSL 1.0.1e > > does not trigger this callback for all websites that I expect it > > to, only some. Instead on the failing sites there is an SSL > > handshake failure after the client verifies the server certificate: > > You can test with s_client(1) and compa

Re: ssl handshake failure in 1.0.1 but not 1.0.0

2013-11-07 Thread Viktor Dukhovni
the failing sites there is an SSL > handshake failure after the client verifies the server certificate: You can test with s_client(1) and compare results. Is your client certificate an RSA certificate? How many bits of public key? Is its signature SHA1 or SHA256? > SSL read:

Re: SSL handshake failure

2010-11-14 Thread Dr. Stephen Henson
On Sun, Nov 14, 2010, Timur Elzhov wrote: > Hi, openssl experts! > > It's required to transfer data to Apple Push service that is located at > gateway.sandbox.push.apple.com:2195. I'm given the certificate and private > key both included in Certificate_and_key.pem. Trying to connect: > > $ opens

SSL handshake failure

2010-11-14 Thread Timur Elzhov
Hi, openssl experts! It's required to transfer data to Apple Push service that is located at gateway.sandbox.push.apple.com:2195. I'm given the certificate and private key both included in Certificate_and_key.pem. Trying to connect: $ openssl s_client -connect gateway.sandbox.push.apple.com:2195

Re: ssl handshake failure: s23_l.c:188

2009-06-24 Thread Victor Duchovni
On Wed, Jun 24, 2009 at 08:48:28PM -0400, Robert Jacobson wrote: > > I'm having a problem with Firefox connecting to a web site at work. I > found that openssl also has problems with it. I can connect with other > browsers like IE, Chrome, and Safari. > > There is a Firefox bug report, but no

ssl handshake failure: s23_l.c:188

2009-06-24 Thread Robert Jacobson
I'm having a problem with Firefox connecting to a web site at work. I found that openssl also has problems with it. I can connect with other browsers like IE, Chrome, and Safari. There is a Firefox bug report, but no one is working on it. See: https://bugzilla.mozilla.org/show_bug.cgi?id=44

Re: www.harryanddavid.com SSL handshake failure error in non-blocking mode.

2006-01-13 Thread Dr. Stephen Henson
On Fri, Jan 13, 2006, Krishna M Singh wrote: > > I remember the SSL stack of Netscape and Firefox are OpenSSL variants. > Does this mean the same has been fixed in their stacks or is it > handled by the application itself?. > Then you remember incorrectly. Netscape and Firefox use NSS which is

Re: www.harryanddavid.com SSL handshake failure error in non-blocking mode.

2006-01-12 Thread Krishna M Singh
Hi Thank for the inputs. Disabling TLS removes the problem. Apart from that i tried following With the default configuration set and page accessed through Netscape 7.2 the web page is not accessible and when refreshed the page is accessible. Every time the browser is closed and reopened the sam

Re: www.harryanddavid.com SSL handshake failure error in non-blocking mode.

2006-01-10 Thread Dr. Stephen Henson
On Tue, Jan 10, 2006, Krishna M Singh wrote: > > Also when we use SSLv2 only this works fine.. Only with SSLv23 the > handshake fails. Any ideas or pointers how to proceed further wud be of > great help.. > Seems it doesn't support TLS and messes up SSLv3 when the client indicates it supports T

www.harryanddavid.com SSL handshake failure error in non-blocking mode.

2006-01-10 Thread Krishna M Singh
Hi All I have written an SSL client that performs SSL handshake with any webserver and validates the certificate recevied from the Webserver. With all other site the handshake works pefectly fine and has been tested with 100's of secure sites.. the SSL handshake between my client and www.harryand

Openssl-0.9.7c changes cause SSL handshake failure

2003-10-20 Thread Tal Mozes
Title: Openssl-0.9.7c changes cause SSL handshake failure Hi all, I need some help in figuring out how to solve a SSL handshake failure that started after upgrading (from 0.9.7b) to 0.9.7c. Here are the symptoms: SSL_connect breaks with SSL_R_MISSING_EXPORT_TMP_RSA_KEY. This happens

Re: SSL Handshake Failure !

2001-10-04 Thread Dr S N Henson
Andy Schneider wrote: > > Does anyone have any canned code I could steal that does IP address > validation. I.e. grabs the IP address from the alt subject name and > compares it against the IP of the incoming socket? > No I don't. But in outline you need to extract and decode the subject alt na

RE: SSL Handshake Failure !

2001-10-04 Thread Steve Quirk
gt; > Andy S. > > > -Original Message- > > From: Costas Magos [mailto:[EMAIL PROTECTED]] > > Sent: 04 October 2001 15:40 > > To: [EMAIL PROTECTED] > > Subject: SSL Handshake Failure ! > > Importance: High > > > > > > Dear all, > &g

SSL handshake failure

2001-10-01 Thread Costas Magos
Hi to all, I'm running an Apache server (1.3.19) with openssl 0.9.6b on Solaris 2.6 / SPARCclassic platform. Apache serves a site that accesses a database through various cgi-scripts or through a java applet for more specialized actions. The database is managed just fine with the cgi-scripts,

ssl handshake failure

1999-10-07 Thread Peter Ziatek
Hi, I'm trying to connect to a site with a self signed certificate. And I get the below error message. I am able to correctly connect to other secured sites... Thanks in advance for the help. 8 /home/pziatek > openssl s_client -connect security.corp.sgi.com:443 -state SSL_connect:before/connec

ssl handshake failure (was Re: 386 problems)

1999-04-28 Thread Philip
Ulf, I removed the cpp file and everything finally compiled without errors. Thanks for your continued assistance on this! Unfortunately, I'm still not able to connect and am still at a loss as to why. When I run s_client I receive the following: CONNECTED(0003) 31019:error:140790E3:SSL ro

SSL handshake Failure

1999-04-20 Thread azhar
I am having these problem about the SSL handshake, the stronghold server return the error code 0x28 (hanshake-failure) after my SSL client program send the Client_key_exchange (0x16,0x03,0x00,..), Cipher_change_spec (0x14,0x03,0x00,) and client-hanshake_finished(0x16,0x03,0x00,...). The

Re: SSL Handshake failure (openssl-0.9.1c)

1999-03-24 Thread Bodo Moeller
Leonid Elbert <[EMAIL PROTECTED]>: > The following errors I got during a try to connect to a https site. >> SSLeay>s_client -host www.srd.com -port 443 [...] >> 4102:error:140790E3:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:224: It works with s_client -host www.srd.com -port

SSL Handshake failure (openssl-0.9.1c)

1999-03-24 Thread Leonid Elbert
Dear sirs, The following errors I got during a try to connect to a https site. > >SSLeay>s_client -host www.srd.com -port 443 >CONNECTED(0003) >depth=0 /C=US/ST=Ohio/L=Columbus/O=Securities Registration Depository, >Inc./OU=Securities Registration Depository >, Inc./CN=www.srd.com >verify erro