The server needs to generate a weak temporary RSA key pair and send it
across in a Server Key exchange message.
-Dave Ahrens
-----Original Message-----
From: Eric Gilbertson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 21, 2000 9:44 AM
To: '[EMAIL PROTECTED]'
Subject: SSL3 handshake fails with SSL_AD_UNEXPECTED_MESSAGE error (v.
0.9 on NT/Solaris)
Hello:
Can anyone point me to a solution to the infamous handshake
problems that occur when a weak crypto client attempts to
connect with a strong server? I've purused the relevant
posts in the archives and they seem similar but not exactly
the same as what I am seeing. The problem is related to this
test:
line #703 of s3_clnt.c:
if (s->s3->tmp.message_type != SSL3_MT_CERTIFICATE)
{
al=SSL_AD_UNEXPECTED_MESSAGE;
...
}
from ssl3_get_server_certificate(). The type is 0 (instead
of 1) causing an abort. As far as I can tell the server had
correctly sent the cert across so the error is a mystery to
me. Looking up the stack trace it appears that the client
thinks it is doing an anonymous DH handshake, whereas I expect
it to be doing RSA so perhaps this is a symptom and not the
problem. I also wonder if the handshake logic is dependent
upon the cert attributes. I swore this was working until I
generated a new cert (using the ssleay cmd line utility).
But since both the new and the old certs were generated using
the same parameters I don't see how this could affect anything. Any solution
pointers are greatly appreciated.
eric gilbertson
[EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
