> From: owner-openssl-us...@openssl.org On Behalf Of Pingzhong Li
> Sent: Sunday, 13 March, 2011 12:27
<snip>
> There is no client auth on this. Actually this is is the second SSL
> connection to the server. The first connection is ok.
> (s_client works here).
> After I added more logging [using message callback]
> I was able to figure out that it is a bug in the XMPP SDK
> (SDK is using the
> openssl) we are using, it would initiate the SSL handshake
> twice which
> seems confusing the server. Here is the handshake sequence
> for the first
> successful connection ("O>>>>" means the message is sent out
> by client,
> "I<<<<" means the message is received by client):
> O>>>>SSLv2, Client hello (1):
> I<<<<SSLv3, TLS handshake, Server hello (2):
> I<<<<SSLv3, TLS handshake, CERT (11):
> I<<<<SSLv3, TLS handshake, Server key exchange (12):
> I<<<<SSLv3, TLS handshake, Server finished (14):
> O>>>>SSLv3, TLS handshake, Client key exchange (16):
> O>>>>SSLv3, TLS change cipher, Client hello (1):
> O>>>>SSLv3, TLS handshake, Finished (20):
> I<<<<SSLv3, TLS change cipher, Client hello (1):
> I<<<<SSLv3, TLS handshake, Finished (20):
>
Minor point: handshake 14 is officially server_hello_done,
and should not be confused with 20=finished.
And changecipher 1 is change_cipher, not client_hello.
But yes that is the normal sequence (without client-auth).
> Here is the second failed TLS handshake sequence:
> O>>>>SSLv2, Client hello (1):
> O>>>>SSLv2, Client hello (1):
> I<<<<SSLv3, TLS handshake, Server hello (2):
> I<<<<SSLv3, TLS handshake, CERT (11):
> I<<<<SSLv3, TLS handshake, Server key exchange (12):
> O>>>>SSLv3, TLS alert, Server hello (2):
> O>>>>SSLv2, Client hello (1):
> O>>>>SSLv2, Client hello (1):
> O>>>>SSLv2, Client hello (1):
>
Similarly, alert level=2 is "fatal" not server_hello.
> Note that there are 2 "client hello" in the beginning, and
> client is waiting
> for the following message from server which client never gets
> it before it
> bailed out:
> I<<<<SSLv3, TLS handshake, Server finished (14):
>
Yes, that is certainly messed up.
After sending a fatal alert, the client should not
be waiting for (or otherwise expecting) *anything*.
But if it were, at this point it should be expecting
either 13=certificate_request or 14=server_hello_done,
unless no server EVER asks for client-auth.
(Which is optional, remember; even if the server asks,
the client can choose NOT to supply a cert, and then
the server can choose whether to accept without cert.)
Anyway, if you've found your problem, good for you.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
