Le 10/05/2012 11:39, Andreas Bießmann a écrit :
[...] (one of the errournous boxes) ---8<--- abiessmann@azuregos % date Do 10. Mai 11:02:50 CEST 2012 abiessmann@azuregos % openssl version OpenSSL 1.0.1b 26 Apr 2012 abiessmann@azuregos % openssl s_client -connect banking.postbank.de:443 CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 320 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE --- --->8--- (the same for all boxes which use 1.0+ release)My questions: * can anyone confirm this behaviour (it seems other hosts are working with openssl 1.0+, but not the banking.postbank.de)? * can anyone give me a hint how to track this down?
I happen to get the same behaviour behind our firewall when ECDHE-whatever is negociated as the ciphersuite. The FW drops the connection, resulting in this "errno=104" error. Try to limit the set of ciphersuites in your client.
-- Erwann ABALEA ----- Lu sur alt.france : Peut-on installer Win 95 par dessus win 95 tout en gardant les differents données des logiciels fonctionnant auparavant sur wwin 95 ? -+- JMT in : Guide du neuneu d'Usenet - Neuneu persiste et signe -+- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
