error: SSL accept error(SSL): error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher
Works great without FIPS but get "no shared cipher" error when FIPS enabled
libraries are linked in. Suspect the problem is with the X509 certificate
that I'm using. Certificates details are included below. Public Key
Algorthim on my certificate is rsaEncryption not sure if it can be used with
FIPS.
Thanks,
Saju
openssl version:0.9.7m
openssl fips version: 1.1.1
platform: windows XP (fipscansiter.o built with MinGW, openssl libs built
with VC++)
application: in-house FTP server built with openssl (works great with
regular (non-fips) openssl libraries)
server certificate: self-signed certificate built with openssl (command line
tool)
error: SSL accept error(SSL): error:1408A0C1:SSL
routines:SSL3_GET_CLIENT_HELLO:no shared cipher
built openssl libs with defines:
CIPHER_DEBUG & KSSL_DEBUG
Debug Output from Server:::
Server has 20 from 00C36E20:
006FEE38:ADH-AES256-SHA
006FEE10:DHE-RSA-AES256-SHA
006FEDE8:DHE-DSS-AES256-SHA
006FED70:AES256-SHA
006FED48:ADH-AES128-SHA
006FED20:DHE-RSA-AES128-SHA
006FECF8:DHE-DSS-AES128-SHA
006FEC80:AES128-SHA
006FEC08:EDH-RSA-DES-CBC3-SHA
006FEBE0:EDH-RSA-DES-CBC-SHA
006FEBB8:EXP-EDH-RSA-DES-CBC-SHA
006FEB90:EDH-DSS-DES-CBC3-SHA
006FEB68:EDH-DSS-DES-CBC-SHA
006FEB40:EXP-EDH-DSS-DES-CBC-SHA
006FEA28:DES-CBC3-SHA
006FEA00:DES-CBC-SHA
006FE9D8:EXP-DES-CBC-SHA
006FE8E8:ADH-DES-CBC3-SHA
006FE8C0:ADH-DES-CBC-SHA
006FE898:EXP-ADH-DES-CBC-SHA
Client sent 20 from 00C51158:
006FEE10:DHE-RSA-AES256-SHA
006FEDE8:DHE-DSS-AES256-SHA
006FED70:AES256-SHA
006FEC08:EDH-RSA-DES-CBC3-SHA
006FEB90:EDH-DSS-DES-CBC3-SHA
006FEA28:DES-CBC3-SHA
006FED20:DHE-RSA-AES128-SHA
006FECF8:DHE-DSS-AES128-SHA
006FEC80:AES128-SHA
006FE9B0:IDEA-CBC-SHA
006FE960:RC4-SHA
006FE938:RC4-MD5
006FEBE0:EDH-RSA-DES-CBC-SHA
006FEB68:EDH-DSS-DES-CBC-SHA
006FEA00:DES-CBC-SHA
006FEBB8:EXP-EDH-RSA-DES-CBC-SHA
006FEB40:EXP-EDH-DSS-DES-CBC-SHA
006FE9D8:EXP-DES-CBC-SHA
006FE988:EXP-RC2-CBC-MD5
006FE910:EXP-RC4-MD5
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 0 alg= d00050
0:[00000050:00000200]006FEE10:DHE-RSA-AES256-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 1 alg= d00090
0:[00000090:00000200]006FEDE8:DHE-DSS-AES256-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 2 alg= d00041
0:[00000041:00000200]006FED70:AES256-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 3 alg= 502050
0:[00000050:00000200]006FEC08:EDH-RSA-DES-CBC3-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 4 alg= 502090
0:[00000090:00000200]006FEB90:EDH-DSS-DES-CBC3-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 5 alg= 502041
0:[00000041:00000200]006FEA28:DES-CBC3-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 6 alg= d00050
0:[00000050:00000200]006FED20:DHE-RSA-AES128-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 7 alg= d00090
0:[00000090:00000200]006FECF8:DHE-DSS-AES128-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 8 alg= d00041
0:[00000041:00000200]006FEC80:AES128-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 9 alg= 510041
0:[00000041:00000200]006FE9B0:IDEA-CBC-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 10 alg= 504041
0:[00000041:00000200]006FE960:RC4-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 11 alg= 484041
0:[00000041:00000200]006FE938:RC4-MD5
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 12 alg= 501050
0:[00000050:00000200]006FEBE0:EDH-RSA-DES-CBC-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 13 alg= 501090
0:[00000090:00000200]006FEB68:EDH-DSS-DES-CBC-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 14 alg= 501041
0:[00000041:00000200]006FEA00:DES-CBC-SHA
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 15 alg= 501050
0:[00000050:00000200]006FEBB8:EXP-EDH-RSA-DES-CBC-SHA (export)
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 16 alg= 501090
0:[00000090:00000200]006FEB40:EXP-EDH-DSS-DES-CBC-SHA (export)
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 17 alg= 501041
0:[00000041:00000200]006FE9D8:EXP-DES-CBC-SHA (export)
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 18 alg= 488041
0:[00000041:00000200]006FE988:EXP-RC2-CBC-MD5 (export)
rt=0 rte=0 dht=0 re=0 ree=0 rs=0 ds=0 dhr=0 dhd=0
ssl3_choose_cipher 19 alg= 484041
0:[00000041:00000200]006FE910:EXP-RC4-MD5 (export)
tls1_enc(1)
certificate details:
Certificate:
Data:
Version: 1 (0x0)
Serial Number:
f5:55:6d:6c:47:4e:6c:84
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, ST=Michigan, L=Livonia, O=MessageWay Solutions,
OU=Development (FIPS), CN=localhost/[EMAIL PROTECTED]
Validity
Not Before: Aug 27 16:08:53 2007 GMT
Not After : Aug 24 16:08:53 2017 GMT
Subject: C=US, ST=Michigan, L=Livonia, O=MessageWay Solutions,
OU=Development (FIPS), CN=localhost/[EMAIL PROTECTED]
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (1024 bit)
Modulus (1024 bit):
00:c7:6d:b2:70:66:d0:10:ab:4c:4c:4f:9b:78:3a:
1e:ca:80:f8:d0:86:19:50:2a:2a:3d:3b:86:3e:04:
11:81:24:03:fb:f0:c7:57:1a:ba:f3:97:c6:cd:90:
38:bd:cf:08:b6:94:1a:2e:80:07:4d:06:c2:ee:50:
74:2d:0c:9b:55:02:a0:4b:88:2e:06:e1:36:bb:d3:
1e:80:6d:db:28:b6:e2:7b:78:d4:b8:08:57:92:44:
b8:e6:8f:f4:81:91:81:04:cd:02:18:7a:51:a7:28:
a6:9f:bc:47:cd:a4:6d:b1:a2:de:37:2d:be:3b:1a:
56:2b:7f:de:e8:50:36:63:31
Exponent: 65537 (0x10001)
Signature Algorithm: sha1WithRSAEncryption
24:40:eb:50:3d:08:b4:b0:33:b7:ba:e2:f6:77:72:87:03:4b:
d9:f3:19:b4:46:26:1e:3e:10:4c:ac:7c:86:22:8f:95:c9:be:
ba:3b:c1:fa:ec:1f:42:bd:39:97:8e:db:b9:cd:ce:e3:1c:2c:
39:96:b4:bd:47:b5:35:a4:45:05:42:99:44:e8:fc:84:25:32:
41:48:6c:9d:d8:11:55:12:00:fd:7c:b9:8c:0b:90:d2:02:bb:
59:ad:cb:f6:97:9a:7a:2e:e1:30:c3:b4:ce:de:ac:e1:6c:de:
51:37:c3:0e:6b:89:e6:aa:51:70:d8:d1:79:a7:24:d0:a9:d4:
38:42
-----BEGIN CERTIFICATE-----
MIICyTCCAjICCQD1VW1sR05shDANBgkqhkiG9w0BAQUFADCBqDELMAkGA1UEBhMC
VVMxETAPBgNVBAgTCE1pY2hpZ2FuMRAwDgYDVQQHEwdMaXZvbmlhMR0wGwYDVQQK
ExRNZXNzYWdlV2F5IFNvbHV0aW9uczEbMBkGA1UECxMSRGV2ZWxvcG1lbnQgKEZJ
UFMpMRIwEAYDVQQDEwlsb2NhbGhvc3QxJDAiBgkqhkiG9w0BCQEWFXN1cHBvcnRA
bWVzc2Fnd2F5LmNvbTAeFw0wNzA4MjcxNjA4NTNaFw0xNzA4MjQxNjA4NTNaMIGo
MQswCQYDVQQGEwJVUzERMA8GA1UECBMITWljaGlnYW4xEDAOBgNVBAcTB0xpdm9u
aWExHTAbBgNVBAoTFE1lc3NhZ2VXYXkgU29sdXRpb25zMRswGQYDVQQLExJEZXZl
bG9wbWVudCAoRklQUykxEjAQBgNVBAMTCWxvY2FsaG9zdDEkMCIGCSqGSIb3DQEJ
ARYVc3VwcG9ydEBtZXNzYWd3YXkuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDHbbJwZtAQq0xMT5t4Oh7KgPjQhhlQKio9O4Y+BBGBJAP78MdXGrrzl8bN
kDi9zwi2lBougAdNBsLuUHQtDJtVAqBLiC4G4Ta70x6AbdsotuJ7eNS4CFeSRLjm
j/SBkYEEzQIYelGnKKafvEfNpG2xot43Lb47GlYrf97oUDZjMQIDAQABMA0GCSqG
SIb3DQEBBQUAA4GBACRA61A9CLSwM7e64vZ3cocDS9nzGbRGJh4+EEysfIYij5XJ
vro7wfrsH0K9OZeO27nNzuMcLDmWtL1HtTWkRQVCmUTo/IQlMkFIbJ3YEVUSAP18
uYwLkNICu1mty/aXmnou4TDDtM7erOFs3lE3ww5rieaqUXDY0XmnJNCp1DhC
-----END CERTIFICATE-----
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
