OpenSSL version:  openssl-1.0.0-1.fc13.i686
OS:  Fedora 13
Server:  Linksys WRT54G Firmware Version: v1.02.8

I'm attempting to use an OpenSSL application to communicate with a 
Linksys WRT54G router.  The application indicates that it can't 
communicate with the router and gives an uninterpretable error message.

Using openssl s_client to debug the communication indicates that OpenSSL 
is using TLS 1.0 handshaking.  I've verified with Firefox that the 
Linksys doesn't support TLS 1.0 handshaking.

If I attempt to disable TLS 1.0 handshaking in OpenSSL, I still get a 
handshaking error.

Here is the s_client output with TLS 1.0 enabled:

$ openssl s_client  -serverpref -bugs -msg -debug  -connect 192.168.0.1:443
CONNECTED(00000003)
write to 0x833dc58 [0x8341bc8] (113 bytes => 113 (0x71))
0000 - 16 03 01 00 6c 01 00 00-68 03 01 4c 9c d9 f6 a9   ....l...h..L....
0010 - f5 f1 d7 b3 7c bd 4d a6-90 3f 58 4c 44 18 8e e5   ....|.M..?XLD...
0020 - c7 63 16 92 b9 35 5e 8a-3b 7b a5 00 00 3a 00 39   .c...5^.;{...:.9
0030 - 00 38 00 88 00 87 00 35-00 84 00 16 00 13 00 0a   .8.....5........
0040 - 00 33 00 32 00 9a 00 99-00 45 00 44 00 2f 00 96   .3.2.....E.D./..
0050 - 00 41 00 05 00 04 00 15-00 12 00 09 00 14 00 11   .A..............
0060 - 00 08 00 06 00 03 00 ff-02 01 00 00 04 00 23      ..............#
0071 - <SPACES/NULS>
 >>> TLS 1.0 Handshake [length 006c], ClientHello
    01 00 00 68 03 01 4c 9c d9 f6 a9 f5 f1 d7 b3 7c
    bd 4d a6 90 3f 58 4c 44 18 8e e5 c7 63 16 92 b9
    35 5e 8a 3b 7b a5 00 00 3a 00 39 00 38 00 88 00
    87 00 35 00 84 00 16 00 13 00 0a 00 33 00 32 00
    9a 00 99 00 45 00 44 00 2f 00 96 00 41 00 05 00
    04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00
    03 00 ff 02 01 00 00 04 00 23 00 00
read from 0x833dc58 [0x8347128] (7 bytes => 7 (0x7))
0000 - 15 03 00 00 02 02 28                              ......(
<<< SSL 3.0 Alert [length 0002], fatal handshake_failure
    02 28
3077744348:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:674:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 113 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---


Here is the s_client output when TLS 1.0 is disabled:


 $ openssl s_client -prexit -no_tls1 -msg -debug  -connect 192.168.0.1:443
CONNECTED(00000003)
write to 0x9c30c58 [0x9c34bc8] (107 bytes => 107 (0x6B))
0000 - 16 03 00 00 66 01 00 00-62 03 00 4c 9c df be 3a   ....f...b..L...:
0010 - c1 29 9b 8d 39 bb 46 57-ba a3 6a ce d7 06 c4 5f   .)..9.FW..j...._
0020 - db 11 7f 10 51 83 fa e2-96 22 59 00 00 3a 00 39   ....Q...."Y..:.9
0030 - 00 38 00 88 00 87 00 35-00 84 00 16 00 13 00 0a   .8.....5........
0040 - 00 33 00 32 00 9a 00 99-00 45 00 44 00 2f 00 96   .3.2.....E.D./..
0050 - 00 41 00 05 00 04 00 15-00 12 00 09 00 14 00 11   .A..............
0060 - 00 08 00 06 00 03 00 ff-02 01                     ..........
006b - <SPACES/NULS>
 >>> SSL 3.0 Handshake [length 0066], ClientHello
    01 00 00 62 03 00 4c 9c df be 3a c1 29 9b 8d 39
    bb 46 57 ba a3 6a ce d7 06 c4 5f db 11 7f 10 51
    83 fa e2 96 22 59 00 00 3a 00 39 00 38 00 88 00
    87 00 35 00 84 00 16 00 13 00 0a 00 33 00 32 00
    9a 00 99 00 45 00 44 00 2f 00 96 00 41 00 05 00
    04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00
    03 00 ff 02 01 00
read from 0x9c30c58 [0x9c3a128] (7 bytes => 7 (0x7))
0000 - 15 03 00 00 02 02 28                              ......(
<<< SSL 3.0 Alert [length 0002], fatal handshake_failure
    02 28
3078403804:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:674:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 107 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 107 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Use of the -bugs option doesn't change the output.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
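
Added example, not part of the original post: a decoder for the two ClientHello records and the server alert shown in the s_client dumps above, so the two attempts can be compared field by field. The names parse_client_hello, parse_alert and hello_diff are hypothetical helpers written for this illustration.

```python
import struct

# Bytes copied from the two s_client dumps above. Session-id length, cipher
# suites and compression methods are byte-identical in both ClientHellos.
COMMON = ("00003a00390038008800870035008400160013000a00330032"
          "009a009900450044002f009600410005"
          "00040015001200090014001100080006000300ff020100")
HELLO_TLS1 = bytes.fromhex("160301006c010000680301"
    "4c9cd9f6a9f5f1d7b37cbd4da6903f584c44188ee5c7631692b9355e8a3b7ba5"
    + COMMON + "000400230000")
HELLO_SSL3 = bytes.fromhex("1603000066010000620300"
    "4c9cdfbe3ac1299b8d39bb4657baa36aced706c45fdb117f105183fae2962259"
    + COMMON)
ALERT = bytes.fromhex("15030000020228")

def parse_client_hello(record):
    """Decode one record that holds exactly one ClientHello."""
    ctype, rec_ver, rec_len = struct.unpack_from(">BHH", record)
    hs = record[5:]
    if ctype != 22 or len(hs) != rec_len or hs[0] != 1:
        raise ValueError("not a complete ClientHello record")
    if int.from_bytes(hs[1:4], "big") != len(hs) - 4:
        raise ValueError("handshake length does not match record")
    pos = 6 + 32                      # past version and 32-byte random
    pos += 1 + hs[pos]                # skip session id
    n = int.from_bytes(hs[pos:pos + 2], "big")
    suites = [int.from_bytes(hs[i:i + 2], "big") for i in range(pos + 2, pos + 2 + n, 2)]
    pos += 2 + n
    comp = list(hs[pos + 1:pos + 1 + hs[pos]])
    pos += 1 + hs[pos] + 2            # past compression and extensions length
    exts = []                         # stays empty when no extension block is sent
    while pos + 4 <= len(hs):
        etype, elen = struct.unpack_from(">HH", hs, pos)
        exts.append(etype)
        pos += 4 + elen
    return {"record_version": rec_ver,
            "hello_version": int.from_bytes(hs[4:6], "big"),
            "cipher_suites": suites, "compression": comp, "extensions": exts}

def parse_alert(record):
    """Return (record_version, level, description) of a plaintext alert."""
    ctype, ver, length, level, desc = struct.unpack(">BHHBB", record)
    if ctype != 21 or length != 2:
        raise ValueError("not a plaintext alert record")
    return ver, level, desc

def hello_diff(a, b):
    """Fields on which two parsed ClientHellos disagree."""
    return {k: (a[k], b[k]) for k in a if a[k] != b[k]}
```

hello_diff on the two parsed hellos reports only record_version, hello_version and extensions: both attempts offer the same 29 cipher suites and the same compression methods, and the -no_tls1 attempt drops the SessionTicket extension (type 0x0023). parse_alert(ALERT) returns (0x0300, 2, 40), the fatal handshake_failure printed by s_client.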
