I now have an ssldump of an incoming connection. I think it shows the client is closing the connection before the handshake is even complete. Is there any way the server is responsible for this behavior? Thanks.
New TCP connection #4: xxxxx.com(12900) <-> a.b.c.d(443) 4 1 0.0362 (0.0362) C>S Handshake ClientHello Version 3.1 cipher suites TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA compression methods NULL 4 2 0.0365 (0.0003) S>C Handshake ServerHello Version 3.1 session_id[32]= 4c 37 df 98 4e c2 6d 26 28 23 67 4e ab 79 fd 4d f7 a8 e0 7e d8 47 37 38 c8 cc 06 db 43 f1 e3 a0 cipherSuite TLS_RSA_WITH_RC4_128_MD5 compressionMethod NULL 4 3 0.0365 (0.0000) S>C Handshake Certificate 4 4 0.0365 (0.0000) S>C Handshake ServerHelloDone 4 0.0600 (0.0234) C>S TCP FIN 4 0.0602 (0.0002) S>C TCP FIN On Tue, Nov 6, 2012 at 8:35 AM, Jeremy Bratton <yer...@gmail.com> wrote: > I'm using OpenSSL 0.9.8o 01 Jun 2010 on Debian 6.0.2. Client > verification is disabled. > > > I've written a SOAP server app that uses SSL. The only client that > connects to it is completely out of my control. Though there have been no > changes on either end that I'm aware of, the client is no longer able to > connect to the server. I can see from the error message that something is > going wrong during the SSL handshake, but I have no idea what (the actual > server uses ruby & soap4r). I'm just getting the error message "SSL_accept > SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A" > > > I set up apache on the server and was able to get a more detailed error > message which is at http://pastebin.com/vvnLi9BQ > > > Basically, it seems like the client is sending an EOF before the handshake > is complete, but I've been assured that the client is working just as it's > always been. Also this client connects to several other companies' servers > and I believe they're all still working correctly. I'm pretty sure the > client is written in Java in case that matters. > > > I can connect to the server with a browser just fine. > > > Is this a common issue? Any suggestions for a fix or work-around? A web > search hasn't turned up much of anything. > > > Thanks, > > Jeremy > >