Re: [openssl-users] Can't connect to site, OpenSSL returns error
So why does it work for me? Well, who knows when the remote server wants to see SNI? It could be based on url, ipaddress, etc. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Can't connect to site, OpenSSL returns error
I tried this command openssl.exe s_client -connect ezfile.ch:443 And it returns this kind of error error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error I can not reproduce this. What version are you using? There is nothing wrong with that server, so it's most likely a problem with whatever you're using. Kurt It is weird that it worked for you. Anyway I found a way how to fix it (if I can call it a fix). The key is to provide a flag -servername to enable SNI (Server Name Indication). ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Can't connect to site, OpenSSL returns error
And it returns this kind of error error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error The site uses TLS 1.1, AES_128_CBC_SHA1, ECDHE-ECDSA. Perhaps there is a middlebox in the way that gets version negotiation wrong. Try adding the -tls1 flag. Flag -servername helped. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Can't connect to site, OpenSSL returns error
It is weird that it worked for you. Anyway I found a way how to fix it (if I can call it a fix). The key is to provide a flag -servername to enable SNI (Server Name Indication). It's not wrong to call it a fix. The server you are talking to is configured to require SNI, apparently. This is not an openssl issue/bug. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Can't connect to site, OpenSSL returns error
On Mon, Apr 27, 2015 at 02:39:08PM +, Salz, Rich wrote: It is weird that it worked for you. Anyway I found a way how to fix it (if I can call it a fix). The key is to provide a flag -servername to enable SNI (Server Name Indication). It's not wrong to call it a fix. The server you are talking to is configured to require SNI, apparently. So why does it work for me? This is not an openssl issue/bug. Right, the other end is sending that it has an internal error. There is little we can do about that. Kurt ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Can't connect to site, OpenSSL returns error
On Sun, Apr 26, 2015 at 07:05:11PM +0200, hub...@seznam.cz wrote: I tried this command openssl.exe s_client -connect ezfile.ch:443 And it returns this kind of error error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error I can not reproduce this. What version are you using? There is nothing wrong with that server, so it's most likely a problem with whatever you're using. Kurt I use latest precompiled openssl-1.0.2a-i386-win32. Weird. I have to investigate more then. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Can't connect to site, OpenSSL returns error
And it returns this kind of error error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error The site uses TLS 1.1, AES_128_CBC_SHA1, ECDHE-ECDSA. Perhaps there is a middlebox in the way that gets version negotiation wrong. Try adding the -tls1 flag. ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Can't connect to site, OpenSSL returns error
And it returns this kind of error error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error The site uses TLS 1.1, AES_128_CBC_SHA1, ECDHE-ECDSA. Perhaps there is a middlebox in the way that gets version negotiation wrong. Try adding the -tls1 flag. It returns this with -tls1. I use latest precompiled version openssl-1.0.2a-i386-win32. So you can't reproduce it? It is local then. CONNECTED(02FC) 3564:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:.\ss l\s3_pkt.c:1461:SSL alert number 80 3564:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:.\ssl\s3 _pkt.c:645: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1 Cipher: Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1430070431 Timeout : 7200 (sec) Verify return code: 0 (ok) ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Re: [openssl-users] Can't connect to site, OpenSSL returns error
On Sun, Apr 26, 2015 at 07:05:11PM +0200, hub...@seznam.cz wrote: I tried this command openssl.exe s_client -connect ezfile.ch:443 And it returns this kind of error error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error I can not reproduce this. What version are you using? There is nothing wrong with that server, so it's most likely a problem with whatever you're using. Kurt ___ openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users