Re: (ITS#3828) SSL Connection closed immediately after "ClientHello"



On Tue, Mar 28, 2006 at 11:37:11PM +0000, xrgtn@yandex.ru wrote:
> If I run s_server in place of slapd, using _the same_
> cert/key pair, SSL handshake with s_client passes.
> 
> Also, slapd works (surprise!!!) when I use RSA cert/key
> instead of DSA.

version of slapd:
> $ apt-show-versions -a -p slapd
> slapd   2.2.26-5        install ok installed

debug trace of slapd:
> TLS trace: SSL_accept:before/accept initialization
> tls_read: want=11, got=11
>   0000:  80 8c 01 03 01 00 63 00  00 00 20                  ......c...
> tls_read: want=131, got=131
>   0000:  00 00 39 00 00 38 00 00  35 00 00 16 00 00 13 00   ..9..8..5.......
>   0010:  00 0a 07 00 c0 00 00 33  00 00 32 00 00 2f 03 00   .......3..2../..
>   0020:  80 00 00 66 00 00 05 00  00 04 01 00 80 08 00 80   ...f............
>   0030:  00 00 63 00 00 62 00 00  61 00 00 15 00 00 12 00   ..c..b..a.......
>   0040:  00 09 06 00 40 00 00 65  00 00 64 00 00 60 00 00   ....@..e..d..`..
>   0050:  14 00 00 11 00 00 08 00  00 06 04 00 80 00 00 03   ................
>   0060:  02 00 80 65 8d a5 47 d3  7b bf 04 61 11 4d b5 08   ...e..G.{..a.M..
>   0070:  b2 18 7f 7f 69 db 71 ee  53 57 ac e0 2f 6d 8f 2b   ....i.q.SW../m.+
>   0080:  f5 7f 87                                           ...
> tls_write: want=7, written=7
>   0000:  15 03 01 00 02 02 28                               ......(
> TLS trace: SSL3 alert write:fatal:handshake failure
> TLS trace: SSL_accept:error in SSLv3 read client hello B
> TLS trace: SSL_accept:error in SSLv3 read client hello B
> TLS: can't accept.
> TLS: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher s3_srvr.c:972
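
The ClientHello in the trace above is in the SSLv2-compatible record format. The following is an added example, not part of the original message or of OpenLDAP/OpenSSL code: it decodes the bytes shown in the two tls_read dumps and lists the DSA-authenticated suites the client offered. The function names and the DSS_SUITES table are illustrative assumptions.

```python
import struct

# Bytes copied from the two tls_read dumps in the trace (11 + 131 bytes).
HELLO = bytes.fromhex("""
80 8c 01 03 01 00 63 00 00 00 20
00 00 39 00 00 38 00 00 35 00 00 16 00 00 13 00
00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f 03 00
80 00 00 66 00 00 05 00 00 04 01 00 80 08 00 80
00 00 63 00 00 62 00 00 61 00 00 15 00 00 12 00
00 09 06 00 40 00 00 65 00 00 64 00 00 60 00 00
14 00 00 11 00 00 08 00 00 06 04 00 80 00 00 03
02 00 80 65 8d a5 47 d3 7b bf 04 61 11 4d b5 08
b2 18 7f 7f 69 db 71 ee 53 57 ac e0 2f 6d 8f 2b
f5 7f 87
""")

# Suites that authenticate the server with a DSA (DSS) certificate.
# Illustrative table: only codes of that era, labelled RFC/draft style.
DSS_SUITES = {
    0x0011: "DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    0x0012: "DHE_DSS_WITH_DES_CBC_SHA",
    0x0013: "DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    0x0032: "DHE_DSS_WITH_AES_128_CBC_SHA",
    0x0038: "DHE_DSS_WITH_AES_256_CBC_SHA",
    0x0063: "DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA",
    0x0065: "DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",
    0x0066: "DHE_DSS_WITH_RC4_128_SHA",
}

def parse_v2_hello(buf):
    """Parse an SSLv2-format ClientHello that uses the 2-byte record header."""
    if len(buf) < 11 or not buf[0] & 0x80:
        raise ValueError("not a 2-byte-header SSLv2 record")
    rec_len = struct.unpack(">H", buf[:2])[0] & 0x7FFF
    mtype, major, minor, spec_len, sid_len, chal_len = struct.unpack(">BBBHHH", buf[2:11])
    body_len = 9 + spec_len + sid_len + chal_len
    if mtype != 1 or spec_len % 3 or rec_len != body_len or rec_len != len(buf) - 2:
        raise ValueError("not a consistent ClientHello")
    # Each cipher spec is 3 bytes; TLS suites appear as 00 XX XX.
    specs = [int.from_bytes(buf[i:i + 3], "big") for i in range(11, 11 + spec_len, 3)]
    return {"version": (major, minor), "specs": specs,
            "challenge": buf[11 + spec_len + sid_len:]}

def offered_dss(hello):
    """Names of DSA-authenticated suites the client offered, in client order."""
    return [DSS_SUITES[s] for s in hello["specs"] if s in DSS_SUITES]

if __name__ == "__main__":
    h = parse_v2_hello(HELLO)
    print("version", h["version"], "specs", len(h["specs"]), offered_dss(h))
```

The decoded hello requests version 3.1 and carries 33 cipher specs, eight of which are DHE_DSS suites, so the client did offer suites usable with a DSA certificate.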