> From: owner-openssl-us...@openssl.org On Behalf Of Pingzhong Li > Sent: Sunday, 13 March, 2011 12:27 <snip> > There is no client auth on this. Actually this is is the second SSL > connection to the server. The first connection is ok. > (s_client works here). > After I added more logging [using message callback] > I was able to figure out that it is a bug in the XMPP SDK > (SDK is using the > openssl) we are using, it would initiate the SSL handshake > twice which > seems confusing the server. Here is the handshake sequence > for the first > successful connection ("O>>>>" means the message is sent out > by client, > "I<<<<" means the message is received by client): > O>>>>SSLv2, Client hello (1): > I<<<<SSLv3, TLS handshake, Server hello (2): > I<<<<SSLv3, TLS handshake, CERT (11): > I<<<<SSLv3, TLS handshake, Server key exchange (12): > I<<<<SSLv3, TLS handshake, Server finished (14): > O>>>>SSLv3, TLS handshake, Client key exchange (16): > O>>>>SSLv3, TLS change cipher, Client hello (1): > O>>>>SSLv3, TLS handshake, Finished (20): > I<<<<SSLv3, TLS change cipher, Client hello (1): > I<<<<SSLv3, TLS handshake, Finished (20): > Minor point: handshake 14 is officially server_hello_done, and should not be confused with 20=finished. And changecipher 1 is change_cipher, not client_hello. But yes that is the normal sequence (without client-auth).
> Here is the second failed TLS handshake sequence: > O>>>>SSLv2, Client hello (1): > O>>>>SSLv2, Client hello (1): > I<<<<SSLv3, TLS handshake, Server hello (2): > I<<<<SSLv3, TLS handshake, CERT (11): > I<<<<SSLv3, TLS handshake, Server key exchange (12): > O>>>>SSLv3, TLS alert, Server hello (2): > O>>>>SSLv2, Client hello (1): > O>>>>SSLv2, Client hello (1): > O>>>>SSLv2, Client hello (1): > Similarly, alert level=2 is "fatal" not server_hello. > Note that there are 2 "client hello" in the beginning, and > client is waiting > for the following message from server which client never gets > it before it > bailed out: > I<<<<SSLv3, TLS handshake, Server finished (14): > Yes, that is certainly messed up. After sending a fatal alert, the client should not be waiting for (or otherwise expecting) *anything*. But if it were, at this point it should be expecting either 13=certificate_request or 14=server_hello_done, unless no server EVER asks for client-auth. (Which is optional, remember; even if the server asks, the client can choose NOT to supply a cert, and then the server can choose whether to accept without cert.) Anyway, if you've found your problem, good for you. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org