It is not a firewall issue, I checked this from outside firewall. The strange part of the problem is it does not happen always, it works intermittently.
[root@gateway bin]# openssl s_client -bugs -connect test.mydomain.com:443 -msg -state CONNECTED(00000003) SSL_connect:before/connect initialization >>> SSL 2.0 [length 0067], CLIENT-HELLO 01 03 01 00 4e 00 00 00 10 00 00 39 00 00 38 00 00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f 03 00 80 00 00 05 00 00 04 01 00 80 00 00 15 00 00 12 00 00 09 06 00 40 00 00 14 00 00 11 00 00 08 00 00 06 04 00 80 00 00 03 02 00 80 00 00 ff c6 89 a6 e3 3e 51 4c 4b d9 e2 c4 29 01 63 54 06 SSL_connect:SSLv2/v3 write client hello A It simply hangs after this. * Here "test.mydomain.com" is not real it is used for posting. On Tue, Sep 11, 2012 at 7:02 PM, Aleksandr Konstantinov <aleksandr.konstanti...@fys.uio.no> wrote: > On Tuesday 11 September 2012, Supratik Goswami wrote: >> Is there no one in the community who can help me to find the cause of >> the problem ? > > Maybe You have firewall issues on "office IP" macine. Have You tried tcpdump > or > similar utility to check if there is something being sent/received? > > Regards, > > A.K. > > >> >> On Tue, Sep 4, 2012 at 7:21 PM, Supratik Goswami >> <supratiksek...@gmail.com> wrote: >> > I am using OpenSSL version : openssl-1.0.0j in our production. >> > >> > I am facing a strange problem where the SSL connection simply hangs >> > during initial handshake when requested from our office IP address. >> > When I run the same command from another IP address it works fine. >> > >> > From office IP (Unsuccessful connection): >> > >> > [root@gateway ]# openssl s_client -connect test.mydomain.com:443 >> > CONNECTED(00000003) >> > >> > >> > From a different IP (Successful connection): >> > >> > ubuntu@ip-10-0-0-10 (Development):~$ openssl s_client -connect >> > test.mydomain.com:443 >> > CONNECTED(00000003) >> > depth=3 /L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert >> > Class 2 Policy Validation >> > Authority/CN=http://www.valicert.com//emailAddress=i...@valicert.com >> > verify error:num=19:self signed certificate in certificate chain >> > verify return:0 >> > --- >> > Certificate chain >> > 0 s:/O=*.mydomain.com/OU=Domain Control Validated/CN=*.mydomain.com >> > i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, >> > Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure >> > Certification Authority/serialNumber=07969287 >> > 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, >> > Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure >> > Certification Authority/serialNumber=07969287 >> > i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 >> > Certification Authority >> > 2 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 >> > Certification Authority >> > i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class >> > 2 Policy Validation >> > Authority/CN=http://www.valicert.com//emailAddress=i...@valicert.com >> > 3 s:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class >> > 2 Policy Validation >> > Authority/CN=http://www.valicert.com//emailAddress=i...@valicert.com >> > i:/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class >> > 2 Policy Validation >> > Authority/CN=http://www.valicert.com//emailAddress=i...@valicert.com >> > --- >> > Server certificate >> > -----BEGIN CERTIFICATE----- >> > >> > REMOVED FOR SECURITY REASON >> > >> > -----END CERTIFICATE----- >> > subject=/O=*.mydomain.com/OU=Domain Control Validated/CN=*.mydomain.com >> > issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, >> > Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure >> > Certification Authority/serialNumber=07969287 >> > --- >> > No client certificate CA names sent >> > --- >> > SSL handshake has read 4827 bytes and written 435 bytes >> > --- >> > New, TLSv1/SSLv3, Cipher is RC4-SHA >> > Server public key is 2048 bit >> > Secure Renegotiation IS supported >> > Compression: NONE >> > Expansion: NONE >> > SSL-Session: >> > Protocol : TLSv1 >> > Cipher : RC4-SHA >> > Session-ID: >> > 276ADBFB75336E7E870C5E109B4C5F6AFB8328C8775029EF135C5DA6F8608533 >> > Session-ID-ctx: >> > Master-Key: >> > 22B470A67XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXB50ED6237BE9 >> > Key-Arg : None >> > Start Time: 1346765613 >> > Timeout : 300 (sec) >> > Verify return code: 19 (self signed certificate in certificate chain >> > >> > >> > >> > Any ideas ? >> > >> > >> > -- >> > Warm Regards >> > >> > Supratik >> >> >> > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org -- Warm Regards Supratik ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org