On Mon, Feb 27, 2012, Tammany, Curtis wrote: > There are the only messages that were appearing in the log: > [Fri Feb 24 15:16:23 2012] [error] [client XX.XX.XXX.XX] Certificate > Verification: Error (20): unable to get local issuer certificate > [Fri Feb 24 15:16:23 2012] [error] [client XX.XX.XXX.XX] Re-negotiation > handshake failed: Not accepted by client!? > > I needed to have SSL 3.0 and TLS 1.0 enabled on the browser as some other (I > suspect IIS) sites are TLS only. Finally when we rolled OpenSSL back to > 0.9.8r, were we able to negotiate a successful handshake with Windows 7/IE8. > This is the current working configuration on the server: > SSLProtocol -all +SSLv3 +TLSv1 > SSLCipherSuite SSLv3:TLSv1 > SSLHonorCipherOrder on > >
See if this patch fixes it: http://cvs.openssl.org/chngview?cn=22128 Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [email protected] Automated List Manager [email protected]
