It doesn't appear that an SSL handshake is being done. Can you add a '-debug'
to get a raw trace of the protocol? Is the server responding at all?
For example, when I run openssl s_client against my server, I see the
certificate exchange. I would expect the same for your server - you should see
something like this:
$ openssl s_client -connect 127.0.0.1:5671
CONNECTED(00000003)
depth=0 CN = A1.Good.Server.domain.com, O = Server
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = A1.Good.Server.domain.com, O = Server
verify error:num=27:certificate not trusted
verify return:1
depth=0 CN = A1.Good.Server.domain.com, O = Server
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/CN=A1.Good.Server.domain.com/O=Server
i:/CN=Trusted.CA.com/O=Trust Me Inc.
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC5TCCAqOgAwIBAgIEGK67vDALBgcqhkjOOAQDBQAwMTEXMBUGA1UEAxMOVHJ1
c3RlZC5DQS5jb20xFjAUBgNVBAoTDVRydXN0IE1lIEluYy4wIBcNMTMwMzIwMTU0
NzAzWhgPMjI4NzAxMDIxNTQ3MDNaMDUxIjAgBgNVBAMTGUExLkdvb2QuU2VydmVy
LmRvbWFpbi5jb20xDzANBgNVBAoTBlNlcnZlcjCCAbcwggEsBgcqhkjOOAQBMIIB
HwKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9jVj6
v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX58ao
phUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8VIwvM
spK5gqLrhAvwWBz1AoGBAPfhoIXWmz3ey7yrXDa4V7l5lK+7+jrqgvlXTAs9B4Jn
UVlXjrrUWU/mcQcQgYC0SRZxI+hMKBYTt88JMozIpuE8FnqLVHyNKOCjrh4rs6Z1
kW6jfwv6ITVi8ftiegEkO8yk8b6oUZCJqIPf4VrlnwaSi2ZegHtVJWQBTDv+z0kq
A4GEAAKBgGd51fWwKIVM6wIsVk0vo86Hq3q2gxlP0STl/EzEBew9buSMXPCqQvQI
hw/Ud6/f/Q0KxctPn8MqO++jCCSYMYH5d1ME85X9QM2mh4/xejYWQdUlqJKkHPo6
MbLgEfQY7UxXxMq9Ekij/T6MyS1Rd9xwCCf2wJhjV6Jq35KplnWMo0IwQDAdBgNV
HQ4EFgQUlZgov7xbp4kcuwMI7d7AAz4DH8YwHwYDVR0jBBgwFoAUqxC+jvigfpiR
6M3fb6XppgGxFJYwCwYHKoZIzjgEAwUAAy8AMCwCFBTG8MXcRKCTW6gBKIjp23BG
WJfIAhRLFMZ4oYLsdCImFOl7/Hi3NdK9cw==
-----END CERTIFICATE-----
subject=/CN=A1.Good.Server.domain.com/O=Server
issuer=/CN=Trusted.CA.com/O=Trust Me Inc.
---
No client certificate CA names sent
---
SSL handshake has read 1637 bytes and written 438 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-DSS-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DHE-DSS-AES256-SHA
Session-ID: 9C60527D31390057F3EA7C275BBEAA379D2AAAB6EED495E2540F245DC6AF7618
Session-ID-ctx:
Master-Key:
32FD8391E0F19C12CF34A258442BD6BFFC7DF3A78DE8DACE6F64910D6651B2FAB98ADB6ED4AA99F15BFC3F6D511DF24B
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket:
0000 - f7 ce 3f 50 5e a1 4d 63-ab e7 b7 67 ac d4 ca 26 ..?P^.Mc...g...&
0010 - f1 f4 28 4c 1f 07 fb 8c-df 69 43 51 db 7b 48 3a ..(L.....iCQ.{H:
0020 - 6f fd 21 71 f1 fd 89 4a-a2 8f 68 a4 80 af 94 90 o.!q...J..h.....
0030 - 77 c7 85 a4 0d f7 f6 1a-42 9f cc 90 21 82 55 03 w.......B...!.U.
0040 - d7 e0 47 48 bf 8e d5 03-fc 45 ce 0c c7 3d ce 92 ..GH.....E...=..
0050 - bf 3d 5f 2c 0a e0 78 78-17 38 8b 03 05 a0 d1 d0 .=_,..xx.8......
0060 - fc b8 e9 4d 16 c5 1f b1-d8 7f 37 dd 48 47 40 14 ...M......7.HG@.
0070 - 9c 8d 55 0f d3 34 eb cb-b7 b0 02 67 1e bb 41 1d ..U..4.....g..A.
0080 - fc 97 1c cb df 11 7e 24-3c 6d de 07 cc cc a8 df ......~$<m......
0090 - f6 b9 77 72 2d 58 2a 80-bc 1f ae eb 5a d9 52 1f ..wr-X*.....Z.R.
Start Time: 1370961460
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
----- Original Message -----
> From: "atarutin" <tarutin_and...@mail.ru>
> To: proton@qpid.apache.org
> Sent: Tuesday, June 11, 2013 10:23:29 AM
> Subject: Re: Does Messenger API supports SSL?
>
> That is dump:
>
> CONNECTED(000004E4)
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 321 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
>
>
> Could you please help me to understand this information?
>
>
>
> --
> View this message in context:
> http://qpid.2158936.n2.nabble.com/Does-Messenger-API-supports-SSL-tp7593987p7594013.html
> Sent from the Apache Qpid Proton mailing list archive at Nabble.com.
>
--
-K
