openssl client -> java jsse server problem

I'm stuck trying to get the openssl 0.9.5a s_client
to talk with a java (jsse) server, using DSA algorithms.
I've tried 512-bit and 1024-bit keys.

The java server is using a keytool-generated
cert/key pair, signed by my CA cert that I created
with openssl.

The client seems to get past the certificate
verification but complains: SSL3_GET_KEY_EXCHANGE:
wrong signature length.

openssl server <-> openssl client works okay.
java server <-> java client works okay.
java server <-> openssl is broken.

Is this a bug with my certs, or elsewhere?
Where do I begin digging?

Thanks,

--Will

% openssl s_client -connect lightning.rest.home.net:9003 \
  -CAfile certs/ca.cert.pem \
  -debug -showcerts -cipher EDH-DSS-DES-CBC3-SHA
CONNECTED(00000005)
write to 00144950 [001459D0] (46 bytes => 46 (0x2E))
0000 - 80 2c 01 03 01 00 03 00-00 00 20 00 00 13 19 e2   .,........ .....
  <blah blah blah>
0020 - 69 20 1f e4 81 4e 2f 29-a2 5e 52 1f 12 36         i ...N/).^R..6
read from 00144950 [0014AF30] (7 bytes => 7 (0x7))
0000 - 16 03 01 07 00 02                                 ......
0007 - <SPACES/NULS>
read from 00144950 [0014AF37] (1790 bytes => 1790 (0x6FE))
0000 - 00 46 03 01 39 2d 6a 46-c3 d5 28 13 15 1a be 16   .F..9-jF..(.....
  <blah blah blah>
06f0 - 07 3c a7 cc 72 ac a5 59-ac f0 0e                  .<..r..Y...
06fe - <SPACES/NULS>
depth=1 /C=US/ST=California/L=Redwood City/O=AtHome/OU=Modem Provisioning/CN=Modem [EMAIL PROTECTED]
verify return:1
depth=0 /C=US/ST=California/O=AtHome/OU=Modem Provisioning 21042 Server/CN=lightning.rest.home.net
verify return:1
write to 00144950 [00142E10] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 32                              ......2
21169:error:1408D108:SSL routines:SSL3_GET_KEY_EXCHANGE:wrong signature length:s3_clnt.c:1036:

