Sorry for top-posting - still getting used to this webmail:

The only way I can see that the server is "responsible" for this behaviour is the certificate you are providing. Has that expired or been invalidated in any way at the client?
Carl

From: owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] on behalf of Jeremy Bratton [yer...@gmail.com]
Sent: 08 November 2012 04:58
To: openssl-users@openssl.org
Subject: Re: Getting "OpenSSL: Exit: error in SSLv3 read client certificate A" when client connects

I now have an ssldump of an incoming connection. I think it shows the client is closing the connection before the handshake is even complete. Is there any way the server is responsible for this behavior? Thanks.

New TCP connection #4: xxxxx.com(12900) <-> a.b.c.d(443)
4 1  0.0362 (0.0362)  C>S  Handshake
      ClientHello
        Version 3.1
        cipher suites
        TLS_RSA_WITH_RC4_128_MD5
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        compression methods
                  NULL
4 2  0.0365 (0.0003)  S>C  Handshake
      ServerHello
        Version 3.1
        session_id[32]=
          4c 37 df 98 4e c2 6d 26 28 23 67 4e ab 79 fd 4d
          f7 a8 e0 7e d8 47 37 38 c8 cc 06 db 43 f1 e3 a0
        cipherSuite         TLS_RSA_WITH_RC4_128_MD5
        compressionMethod                   NULL
4 3  0.0365 (0.0000)  S>C  Handshake
      Certificate
4 4  0.0365 (0.0000)  S>C  Handshake
      ServerHelloDone
4    0.0600 (0.0234)  C>S  TCP FIN
4    0.0602 (0.0002)  S>C  TCP FIN

On Tue, Nov 6, 2012 at 8:35 AM, Jeremy Bratton <yer...@gmail.com> wrote:

I'm using OpenSSL 0.9.8o 01 Jun 2010 on Debian 6.0.2. Client verification is disabled.

I've written a SOAP server app that uses SSL. The only client that connects to it is completely out of my control. Though there have been no changes on either end that I'm aware of, the client is no longer able to connect to the server. I can see from the error message that something is going wrong during the SSL handshake, but I have no idea what (the actual server uses ruby & soap4r).
I'm just getting the error message "SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A".

I set up apache on the server and was able to get a more detailed error message, which is at http://pastebin.com/vvnLi9BQ

Basically, it seems like the client is sending an EOF before the handshake is complete, but I've been assured that the client is working just as it's always been. Also, this client connects to several other companies' servers and I believe they're all still working correctly. I'm pretty sure the client is written in Java, in case that matters. I can connect to the server with a browser just fine.

Is this a common issue? Any suggestions for a fix or work-around? A web search hasn't turned up much of anything.

Thanks,
Jeremy
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
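
An added example, not part of the original thread: a small Python parser that reads ssldump output in the layout quoted above and reports which side closed the connection and after which handshake message. The sample trace is constructed with placeholder host names, and the names `summarize` and `diagnose` are hypothetical.

```python
import re

# Constructed trace in the ssldump layout shown in the thread (hosts are placeholders).
SAMPLE = """\
New TCP connection #4: client.example(12900) <-> server.example(443)
4 1  0.0362 (0.0362)  C>S  Handshake
      ClientHello
        Version 3.1
4 2  0.0365 (0.0003)  S>C  Handshake
      ServerHello
4 3  0.0365 (0.0000)  S>C  Handshake
      Certificate
4 4  0.0365 (0.0000)  S>C  Handshake
      ServerHelloDone
4    0.0600 (0.0234)  C>S  TCP FIN
4    0.0602 (0.0002)  S>C  TCP FIN
"""

# Record header: conn id, optional record number, timestamps, direction, record type.
RECORD = re.compile(r"^(\d+)\s+(?:\d+\s+)?[\d.]+\s+\([\d.]+\)\s+([CS])>[CS]\s+(.+?)\s*$")
HANDSHAKE_MSGS = {"ClientHello", "ServerHello", "Certificate", "ServerKeyExchange",
                  "CertificateRequest", "ServerHelloDone", "ClientKeyExchange",
                  "CertificateVerify", "Finished"}

def summarize(trace):
    """Per connection: handshake messages seen, who sent the first FIN, any Alert."""
    conns, state, sender = {}, None, None
    for line in trace.splitlines():
        rec = RECORD.match(line)
        if rec:
            conn, sender, kind = rec.groups()
            state = conns.setdefault(conn, {"msgs": [], "closer": None, "alert": False})
            if kind == "Alert":
                state["alert"] = True
            elif kind == "TCP FIN" and state["closer"] is None:
                state["closer"] = sender
        elif state is not None and line.strip() in HANDSHAKE_MSGS:
            # Indented detail line naming the handshake message of the current record.
            state["msgs"].append(f"{sender}:{line.strip()}")
    return conns

def diagnose(state):
    """Name the point at which the handshake stopped and which side stopped it."""
    msgs, closer = state["msgs"], state["closer"]
    if closer is None:
        return "connection still open in this trace"
    if closer == "C" and "S:ServerHelloDone" in msgs and "C:ClientKeyExchange" not in msgs:
        how = "after an alert" if state["alert"] else "without sending an alert"
        return f"client closed after ServerHelloDone {how}"
    return f"{closer} closed after {msgs[-1] if msgs else 'no handshake message'}"
```

For the trace in the thread this reports a client-side close after the server's flight with no alert, which places the decision to abort on the client once it has received the server's Certificate message.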