Furthermore, when I run "openssl s_client -connect IP:port" for the bridge, I may get a CONNECTED(00000003) and a permanent hang, but when I do it for bridges.torproject.org:443, after CONNECTED(00000003), I can get information like below immediately:

=================================================================
depth=0 /serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps(c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps(c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
verify error:num=27:certificate not trusted
verify return:1
depth=0 /serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps(c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps(c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
subject=/serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.torproject.org/OU=GT86487530/OU=See www.rapidssl.com/resources/cps(c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.torproject.org
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
No client certificate CA names sent
---
SSL handshake has read 1429 bytes and written 316 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 6C10366E7BB529BF9F4EAE5E851A1918E1634F79E36536812B4D5D12E14F2BB1
    Session-ID-ctx:
    Master-Key: 30F830369A5662636957D5E1AB733AE590F019A9A0245BC6DDB60D32521C022FFABD7C6BA30DE6B9C16D780398433492
    Key-Arg   : None
    Start Time: 1267331357
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)
---
===============================================================
Best Regards
Brent

2010/2/28 Peng Zhou <zpbr...@gmail.com>

> The result of "openssl s_client -connect IP:port" is CONNECTED(00000003)
>
> And I can use Gmail via https successfully, I also can access
> https://bridges.torproject.org/ successfully too :-)
>
> 2010/2/28 Andrew Lewman <and...@torproject.org>
>
>> On 02/27/2010 09:41 AM, Peng Zhou wrote:
>> > Previously, I use the network from HongKong Polytechnical University
>> > (I don't know who is the ISP for HK PolyU), when I try to connect with Tor.
>> > via bridge 74.207.232.33:443, I have found its TCP handshaking works fine,
>> > but SSL handshaking is blocked (A packet for SSL client Hello is sent to
>> > 74.207.232.33, but the bridge never gives me response):
>>
>> This could also mean the bridge is offline. If you can "openssl
>> s_client -connect IP:port", does this work?
>>
>> Is ssl to say, gmail, or taobao also messed up?
>>
>> --
>> Andrew Lewman
>> The Tor Project
>> pgp 0x31B0974B
>>
>> Website: https://torproject.org/
>> Blog: https://blog.torproject.org/
>> Identi.ca: torproject
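
The check discussed in this thread (TCP connects, then the TLS handshake either completes or hangs), as an added example that is not part of the original messages: a Python probe that bounds the handshake with a timeout, so a peer that never answers the ClientHello is reported instead of hanging. The function name `probe_tls` and the stage labels are assumptions, and the demo target is a constructed local listener.

```python
import socket
import ssl


def probe_tls(host, port, timeout=5.0):
    """Report how far a TLS connection attempt gets, as (stage, detail).

    Stages: "tcp_failed", "tls_no_reply", "tls_error", "tls_ok".
    """
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, unreachable, or connect timeout
        return ("tcp_failed", str(exc))

    # Reachability probe only: certificate verification is switched off,
    # so "tls_ok" says nothing about whether the certificate is trusted.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

    try:
        # wrap_socket sends the ClientHello and waits for the server's
        # reply, bounded by the timeout inherited from the TCP socket.
        with ctx.wrap_socket(raw) as tls:
            return ("tls_ok", "%s %s" % (tls.version(), tls.cipher()[0]))
    except socket.timeout:
        # Same symptom as CONNECTED(00000003) followed by a hang.
        return ("tls_no_reply", "no handshake reply within %.1fs" % timeout)
    except OSError as exc:  # ssl.SSLError, reset, or early close by the peer
        return ("tls_error", str(exc))


if __name__ == "__main__":
    # Constructed stand-in for a silent peer: the kernel completes the TCP
    # handshake for the listening socket, but nothing ever answers.
    silent = socket.socket()
    silent.bind(("127.0.0.1", 0))
    silent.listen(1)
    print(probe_tls("127.0.0.1", silent.getsockname()[1], timeout=2.0))
    silent.close()
```

A "tls_no_reply" result alone does not distinguish a filtered handshake from an offline or overloaded service; comparing the same probe from a second network narrows that down.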