Re: Handshake fails for unknown reason

Thu, 07 Jul 2011 14:36:05 -0700 

Sorry for the previous html mail. Here it is again as plain text:

Hi everyone,
I have several servers at different locations and some of them just won't connect to e.g. rapidshare.com while others do without problem. 
All servers have the same setup running Ubuntu 10.04.

This is the command I use:
openssl s_client -ssl3 -connect rapidshare.com:443 -prexit

This is the response I get when the ssl connection fails:
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Start Time: 1310026388
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---


And this is what I get from servers where everything works find:

CONNECTED(00000003)
depth=3 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/C=CH/postalCode=6330/ST=Zug/L=Cham/streetAddress=Gewerbestr. 6/O=RapidShare AG/OU=IT/OU=Premium SSL Wildcard/CN=*.rapidshare.com 
   i:/C=DE/O=WebSpace-Forum, Thomas Wendt/CN=WebSpace-Forum Server CA
1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 2 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 
 3 s:/C=DE/O=WebSpace-Forum, Thomas Wendt/CN=WebSpace-Forum Server CA
i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware 
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEyzCCA7OgAwIBAgIQSJh4Z3fb5eRgxa32KDMcZTANBgkqhkiG9w0BAQUFADBX
MQswCQYDVQQGEwJERTElMCMGA1UEChMcV2ViU3BhY2UtRm9ydW0sIFRob21hcyBX
ZW5kdDEhMB8GA1UEAxMYV2ViU3BhY2UtRm9ydW0gU2VydmVyIENBMB4XDTA5MTAx
MjAwMDAwMFoXDTEyMTAxMTIzNTk1OVowgbAxCzAJBgNVBAYTAkNIMQ0wCwYDVQQR
EwQ2MzMwMQwwCgYDVQQIEwNadWcxDTALBgNVBAcTBENoYW0xFjAUBgNVBAkTDUdl
d2VyYmVzdHIuIDYxFjAUBgNVBAoTDVJhcGlkU2hhcmUgQUcxCzAJBgNVBAsTAklU
MR0wGwYDVQQLExRQcmVtaXVtIFNTTCBXaWxkY2FyZDEZMBcGA1UEAxQQKi5yYXBp
ZHNoYXJlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsDRDSgfoMzjK
aNTP9fmBDugDGMAyXNJE2PeyK3LVfKBoOdjfoPd/U2SmyaNQ33DsR6tZnOAlENak
Rjxh0+Sy2l6lXfoN+MhihFgpSdcEQromfkZH9EcsnhA+bTlmmn6sncTU65CiDuVX
CdNBbOGmKiig4j7VkmacbgZQ+u/KNC0CAwEAAaOCAbswggG3MB8GA1UdIwQYMBaA
FCCSBeI5BGWHq7AUFA7yDPSMWawVMB0GA1UdDgQWBBTNKZM9ejxo2ZT/EwzXloSv
MHDk2TAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr
BgEFBQcDAQYIKwYBBQUHAwIwQwYDVR0gBDwwOjA4BgorBgEEAYHOdwEBMCowKAYI
KwYBBQUHAgEWHGh0dHA6Ly9jcHMud2Vic3BhY2UtZm9ydW0uZGUwRwYDVR0fBEAw
PjA8oDqgOIY2aHR0cDovL2NybC53ZWJzcGFjZS1mb3J1bS5kZS9XZWJTcGFjZUZv
cnVtU2VydmVyQ0EuY3JsMH0GCCsGAQUFBwEBBHEwbzBCBggrBgEFBQcwAoY2aHR0
cDovL2NydC53ZWJzcGFjZS1mb3J1bS5kZS9XZWJTcGFjZUZvcnVtU2VydmVyQ0Eu
Y3J0MCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC53ZWJzcGFjZS1mb3J1bS5kZTAr
BgNVHREEJDAighAqLnJhcGlkc2hhcmUuY29tgg5yYXBpZHNoYXJlLmNvbTANBgkq
hkiG9w0BAQUFAAOCAQEAbEmZ9/LWBB32HXmcWZdn49f8xWkiTU8k/0WEW6KmtOUZ
C9s2ctAxMg05XWIKVxLqC4iqbUQkKS+yr16GS6SidFHtWu2NILXtaz8p6aJFDQB4
UWhhI0LDnbAS0AVKkSOkclOsTn+qbeBjAaSSknzhuR/yFuaEhn9X4CGDfW+UCnGm
hN3Im1O9xuGL2RnDwtoB4h+io2m0uqbYwosfJrk2N/QZg6Du+5xIssCOouY5tbto
BnPq2tuk8drvxJy+P9ykDWbqIm9HPeKhlBpLKV+/X0jN1hV7K3m02yZxh3DBMmtk
d/VTVG+U29Xe6qegiLJ5k6kzlkCoNG6/KEGizJcIOA==
-----END CERTIFICATE-----
subject=/C=CH/postalCode=6330/ST=Zug/L=Cham/streetAddress=Gewerbestr. 6/O=RapidShare AG/OU=IT/OU=Premium SSL Wildcard/CN=*.rapidshare.com 
issuer=/C=DE/O=WebSpace-Forum, Thomas Wendt/CN=WebSpace-Forum Server CA
---
No client certificate CA names sent
---
SSL handshake has read 4948 bytes and written 301 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES256-SHA
Session-ID: 14983A9C958DF71D754837ACCD8DF18341B152049FC1A7293020300D6B94B79F 
    Session-ID-ctx:
Master-Key: 7F6040A7A7505052C1D7C5D5254F98A2AFC11EC4D286583F1AA031CAC4D642B7170DCE5755E00DDB3CC2ACE2F3ACC2C6 
    Key-Arg   : None
    Start Time: 1310026379
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---
I have no clue why two identical servers give me different results and I'm glad for any help. 

Best Regards,

tobobant
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to