OpenSSL version: openssl-1.0.0-1.fc13.i686
OS: Fedora 13
Server: Linksys WRT54G
Firmware Version: v1.02.8

I'm attempting to use an OpenSSL application to communicate with a Linksys WRT54G router. The application indicates that it can't communicate with the router and gives an uninterpretable error message. Using openssl s_client to debug the communication indicates that OpenSSL is using TLS 1.0 handshaking. I've verified with Firefox that the Linksys doesn't support TLS 1.0 handshaking. If I attempt to disable TLS 1.0 handshaking in OpenSSL, I still get a handshaking error.

Here is the s_client output with TLS 1.0 enabled:

$ openssl s_client -serverpref -bugs -msg -debug -connect 192.168.0.1:443
CONNECTED(00000003)
write to 0x833dc58 [0x8341bc8] (113 bytes => 113 (0x71))
0000 - 16 03 01 00 6c 01 00 00-68 03 01 4c 9c d9 f6 a9   ....l...h..L....
0010 - f5 f1 d7 b3 7c bd 4d a6-90 3f 58 4c 44 18 8e e5   ....|.M..?XLD...
0020 - c7 63 16 92 b9 35 5e 8a-3b 7b a5 00 00 3a 00 39   .c...5^.;{...:.9
0030 - 00 38 00 88 00 87 00 35-00 84 00 16 00 13 00 0a   .8.....5........
0040 - 00 33 00 32 00 9a 00 99-00 45 00 44 00 2f 00 96   .3.2.....E.D./..
0050 - 00 41 00 05 00 04 00 15-00 12 00 09 00 14 00 11   .A..............
0060 - 00 08 00 06 00 03 00 ff-02 01 00 00 04 00 23      ..............#
0071 - <SPACES/NULS>
>>> TLS 1.0 Handshake [length 006c], ClientHello
    01 00 00 68 03 01 4c 9c d9 f6 a9 f5 f1 d7 b3 7c
    bd 4d a6 90 3f 58 4c 44 18 8e e5 c7 63 16 92 b9
    35 5e 8a 3b 7b a5 00 00 3a 00 39 00 38 00 88 00
    87 00 35 00 84 00 16 00 13 00 0a 00 33 00 32 00
    9a 00 99 00 45 00 44 00 2f 00 96 00 41 00 05 00
    04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00
    03 00 ff 02 01 00 00 04 00 23 00 00
read from 0x833dc58 [0x8347128] (7 bytes => 7 (0x7))
0000 - 15 03 00 00 02 02 28                              ......(
<<< SSL 3.0 Alert [length 0002], fatal handshake_failure
    02 28
3077744348:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:674:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 113 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Here is the s_client output when TLS 1.0 is disabled:

$ openssl s_client -prexit -no_tls1 -msg -debug -connect 192.168.0.1:443
CONNECTED(00000003)
write to 0x9c30c58 [0x9c34bc8] (107 bytes => 107 (0x6B))
0000 - 16 03 00 00 66 01 00 00-62 03 00 4c 9c df be 3a   ....f...b..L...:
0010 - c1 29 9b 8d 39 bb 46 57-ba a3 6a ce d7 06 c4 5f   .)..9.FW..j...._
0020 - db 11 7f 10 51 83 fa e2-96 22 59 00 00 3a 00 39   ....Q...."Y..:.9
0030 - 00 38 00 88 00 87 00 35-00 84 00 16 00 13 00 0a   .8.....5........
0040 - 00 33 00 32 00 9a 00 99-00 45 00 44 00 2f 00 96   .3.2.....E.D./..
0050 - 00 41 00 05 00 04 00 15-00 12 00 09 00 14 00 11   .A..............
0060 - 00 08 00 06 00 03 00 ff-02 01                     ..........
006b - <SPACES/NULS>
>>> SSL 3.0 Handshake [length 0066], ClientHello
    01 00 00 62 03 00 4c 9c df be 3a c1 29 9b 8d 39
    bb 46 57 ba a3 6a ce d7 06 c4 5f db 11 7f 10 51
    83 fa e2 96 22 59 00 00 3a 00 39 00 38 00 88 00
    87 00 35 00 84 00 16 00 13 00 0a 00 33 00 32 00
    9a 00 99 00 45 00 44 00 2f 00 96 00 41 00 05 00
    04 00 15 00 12 00 09 00 14 00 11 00 08 00 06 00
    03 00 ff 02 01 00
read from 0x9c30c58 [0x9c3a128] (7 bytes => 7 (0x7))
0000 - 15 03 00 00 02 02 28                              ......(
<<< SSL 3.0 Alert [length 0002], fatal handshake_failure
    02 28
3078403804:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:674:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 107 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 107 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

Use of the -bugs option doesn't change the output.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
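
Added example, not part of the original post and not OpenSSL code: a small Python decoder for the two ClientHello messages and the 7-byte server reply shown in the -msg output above, so the two attempts can be compared field by field. The function names are hypothetical; the bytes are copied from the post's dumps and regrouped by field, and the registry names in the comments come from the IANA TLS registries.

```python
import struct

# Bytes copied from the two ">>> ... ClientHello" dumps and the 7-byte server
# reply in the post, regrouped by field. The suite list is identical in both.
SUITES = ("0039 0038 0088 0087 0035 0084 0016 0013 000a 0033 0032 009a 0099 0045 0044 "
          "002f 0096 0041 0005 0004 0015 0012 0009 0014 0011 0008 0006 0003 00ff")
HELLO_TLS10 = bytes.fromhex(
    "01 000068 0301 4c9cd9f6a9f5f1d7b37cbd4da6903f58 4c44188ee5c7631692b9355e8a3b7ba5"
    " 00 003a " + SUITES + " 02 0100 0004 0023 0000")
HELLO_SSL3 = bytes.fromhex(
    "01 000062 0300 4c9cdfbe3ac1299b8d39bb4657baa36a ced706c45fdb117f105183fae2962259"
    " 00 003a " + SUITES + " 02 0100")
SERVER_REPLY = bytes.fromhex("15 0300 0002 02 28")

def parse_client_hello(msg):
    """Decode a ClientHello handshake message (record header already removed)."""
    if msg[0] != 1 or int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("not a complete ClientHello")
    body = msg[4:]
    (version,) = struct.unpack_from("!H", body, 0)
    pos = 2 + 32                                  # skip client_version and random
    pos += 1 + body[pos]                          # skip session_id
    (cs_len,) = struct.unpack_from("!H", body, pos)
    suites = list(struct.unpack_from("!%dH" % (cs_len // 2), body, pos + 2))
    pos += 2 + cs_len
    compression = list(body[pos + 1:pos + 1 + body[pos]])   # 0 = null, 1 = DEFLATE
    pos += 1 + body[pos]
    extensions = []                               # optional block, absent in the SSL 3.0 hello
    if pos < len(body):
        (ext_total,) = struct.unpack_from("!H", body, pos)
        pos, end = pos + 2, pos + 2 + ext_total
        while pos < end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            extensions.append((ext_type, body[pos + 4:pos + 4 + ext_len]))
            pos += 4 + ext_len                    # 0x0023 = session_ticket
    return {"version": version, "suites": suites,
            "compression": compression, "extensions": extensions}

def parse_alert_record(rec):
    """Decode a record that carries exactly one alert (level, description)."""
    ctype, version, length = struct.unpack_from("!BHH", rec, 0)
    if ctype != 21 or length != 2 or len(rec) != 7:
        raise ValueError("not a single alert record")
    return {"version": version, "level": rec[5], "description": rec[6]}

if __name__ == "__main__":
    for name, hello in (("TLS 1.0", HELLO_TLS10), ("SSL 3.0", HELLO_SSL3)):
        h = parse_client_hello(hello)
        print("%s hello: version 0x%04x, %d suites (last 0x%04x), compression %s, "
              "extensions %s" % (name, h["version"], len(h["suites"]),
                                 h["suites"][-1], h["compression"], h["extensions"]))
    print("server reply:", parse_alert_record(SERVER_REPLY))  # level 2 = fatal, 40 = handshake_failure
```

Run as a script, it shows that both hellos offer the same 29 suites (ending in 0x00ff, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) and the same compression list, and that only the TLS 1.0 hello carries an extension (session_ticket, type 0x0023). The server's reply decodes to the same SSL 3.0 fatal alert 40 in both runs.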