RE: openssl connection problem...
(Oops, I just found this un-sent, sorry) From: owner-openssl-us...@openssl.org On Behalf Of Carol Walter Sent: Thursday, 29 January, 2009 11:28 ... I'm trying to use openssl to connect to postgres. The process is not working. When I try to connect using s_client without any of the postgres bits, ... walt...@cat:~$ openssl s_client -debug -connect db:5433 CONNECTED(0005) write to 0008C418 [0008F170] (142 bytes = 142 (0x8E)) ... read from 0008C418 [000946D0] (7 bytes = 0 (0x0)) 12245:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:../../../../common/openssl/ssl/s23_lib.c:226: Is there a verbose command that will give me more information? While the hex dump is a lot of detailed information, I don't what it's telling me. Not really. After your client system sends the ClientHello, the server is being disconnected. No alert, no explanation, just disconnected. Possibly it's not set up to do SSL, or not on this port, or perhaps not this version -- what happens if you specify -ssl2, -ssl3, or -tls1? If that's not it, try looking in the server's log(s) (or having someone do so for you) at the time of an attempt and see if it says anything relevant. __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
openssl connection problem...
Hello, I'm new to this list, so I hope this is the correct place to post this problem. I'm trying to use openssl to connect to postgres. The process is not working. When I try to connect using s_client without any of the postgres bits, I get an error message as follows: walt...@cat:~$ openssl s_client -connect db:5433 CONNECTED(0005) 12210:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:../../../../common/openssl/ssl/s23_lib.c:226: I issued the same command with the debug option and get an error as follows: walt...@cat:~$ openssl s_client -debug -connect db:5433 CONNECTED(0005) write to 0008C418 [0008F170] (142 bytes = 142 (0x8E)) - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ..c... .. 9.. 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00 .. 3..2../.f. 0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00 .c.. 0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40 b..a...@ 0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 ..e..d..`... 0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 0b fd 0070 - 56 53 2f a4 76 0b 02 c4-d9 fd 4e fd 06 fa 3b 65 VS/.v.N...;e 0080 - b4 9c 5f fb 8d 6b 25 5b-68 aa b3 90 ec d7 .._..k%[h. read from 0008C418 [000946D0] (7 bytes = 0 (0x0)) 12245:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:../../../../common/openssl/ssl/s23_lib.c:226: Is there a verbose command that will give me more information? While the hex dump is a lot of detailed information, I don't what it's telling me. Thank you for your help. Carol Walter __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
RE: openssl connection problem...
Hi Carol, I believe you can add -state as a parameter to the client and server side to see what phase things are happening in. Kevin. -Original Message- From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Carol Walter Sent: Thursday, January 29, 2009 11:28 AM To: openssl-users@openssl.org Subject: openssl connection problem... Hello, I'm new to this list, so I hope this is the correct place to post this problem. I'm trying to use openssl to connect to postgres. The process is not working. When I try to connect using s_client without any of the postgres bits, I get an error message as follows: walt...@cat:~$ openssl s_client -connect db:5433 CONNECTED(0005) 12210:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:../../../../common/openssl/ssl/s23_lib.c:226: I issued the same command with the debug option and get an error as follows: walt...@cat:~$ openssl s_client -debug -connect db:5433 CONNECTED(0005) write to 0008C418 [0008F170] (142 bytes = 142 (0x8E)) - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ..c... .. 9.. 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00 .. 3..2../.f. 0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00 .c.. 0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40 b..a...@ 0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 ..e..d..`... 0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 0b fd 0070 - 56 53 2f a4 76 0b 02 c4-d9 fd 4e fd 06 fa 3b 65 VS/.v.N...;e 0080 - b4 9c 5f fb 8d 6b 25 5b-68 aa b3 90 ec d7 .._..k%[h. read from 0008C418 [000946D0] (7 bytes = 0 (0x0)) 12245:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:../../../../common/openssl/ssl/s23_lib.c:226: Is there a verbose command that will give me more information? While the hex dump is a lot of detailed information, I don't what it's telling me. Thank you for your help. Carol Walter __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: OpenSSL connection problem
On Thu, Nov 30, 2000 at 01:43:16PM +0100, Wolfgang Marczy wrote: I have some problems establishing a SSL connection. I am writing on an SMTP server, which should accept SSL connections. I am sending mails with Netscape 4.7 (and Microsoft Outlook) over SSL, but the connection fails, because no common enrcyption method was found: "error: 1408A0C1:SSL routines:SSL3_GETCLIENT_HELLO:no shared ciphers" Now my questions: I have initialized the SSL connection as described in the OpenSSL documentation, only SSL_accept fails with the above reason. I tried different cipher settings, like "SSLv3", "RC4-MD5" or the default values. SSL_set_cipher_list returned 1, so I believe it worked. What is additionally needed? The man pages state something about certificates and keys which I need to use these ciphers. Do I have to generate them manually with some function first, before the client accepts the ciphers? For an RSA cipher (like RC4-MD5) you _must_ have an RSA certificate and private key. You can create them with the OpenSSL included tools. From my homepage (see below), you can retrieve my Postfix/TLS patchkit. It enables SSL for the Postfix SMTP server and also contains a short course on how to generate certificates. Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/ Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129 Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153 __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
OpenSSL connection problem
Hi everybody, I have some problems establishing a SSL connection. I am writing on an SMTP server, which should accept SSL connections. I am sending mails with Netscape 4.7 over SSL, but the connection fails, because no common enrcyption method was found. Now my questions: I have initialized the SSL connection as described in the OpenSSL documentation, only SSL_accept fails with the above reason. I set the ciphers to "SSLv3", to use SSL v3 algorithms and ciphers. What is additionally needed? The man pages state something about certificates and keys which I need to use these ciphers. Do I have to generate them manually with some function first ? Thanx, Wolfgang Marczy. __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]