Hi everyone, I have several servers at different locations and some of them just won't connect to e.g. rapidshare.com while others do without problem. All servers have the same setup running Ubuntu 10.04. This is the command I use: openssl s_client -ssl3 -connect rs867tl3.rapidshare.com:443 -prexit This is the response I get when the ssl connection fails: CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 0 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None Start Time: 1310026208 Timeout : 7200 (sec) Verify return code: 0 (ok) --- And this is what I get from servers where everything works find: CONNECTED(00000003) depth=3 /C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root verify error:num=19:self signed certificate in certificate chain verify return:0 --- Certificate chain 0 s:/C=CH/postalCode=6330/ST=Zug/L=Cham/streetAddress=Gewerbestr. 6/O=RapidShare AG/OU=IT/OU=Premium SSL Wildcard/CN=*.rapidshare.com i:/C=DE/O=WebSpace-Forum, Thomas Wendt/CN=WebSpace-Forum Server CA 1 s:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 2 s:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root 3 s:/C=DE/O=WebSpace-Forum, Thomas Wendt/CN=WebSpace-Forum Server CA i:/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware --- Server certificate -----BEGIN CERTIFICATE----- MIIEyzCCA7OgAwIBAgIQSJh4Z3fb5eRgxa32KDMcZTANBgkqhkiG9w0BAQUFADBX MQswCQYDVQQGEwJERTElMCMGA1UEChMcV2ViU3BhY2UtRm9ydW0sIFRob21hcyBX ZW5kdDEhMB8GA1UEAxMYV2ViU3BhY2UtRm9ydW0gU2VydmVyIENBMB4XDTA5MTAx MjAwMDAwMFoXDTEyMTAxMTIzNTk1OVowgbAxCzAJBgNVBAYTAkNIMQ0wCwYDVQQR EwQ2MzMwMQwwCgYDVQQIEwNadWcxDTALBgNVBAcTBENoYW0xFjAUBgNVBAkTDUdl d2VyYmVzdHIuIDYxFjAUBgNVBAoTDVJhcGlkU2hhcmUgQUcxCzAJBgNVBAsTAklU MR0wGwYDVQQLExRQcmVtaXVtIFNTTCBXaWxkY2FyZDEZMBcGA1UEAxQQKi5yYXBp ZHNoYXJlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsDRDSgfoMzjK aNTP9fmBDugDGMAyXNJE2PeyK3LVfKBoOdjfoPd/U2SmyaNQ33DsR6tZnOAlENak Rjxh0+Sy2l6lXfoN+MhihFgpSdcEQromfkZH9EcsnhA+bTlmmn6sncTU65CiDuVX CdNBbOGmKiig4j7VkmacbgZQ+u/KNC0CAwEAAaOCAbswggG3MB8GA1UdIwQYMBaA FCCSBeI5BGWHq7AUFA7yDPSMWawVMB0GA1UdDgQWBBTNKZM9ejxo2ZT/EwzXloSv MHDk2TAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr BgEFBQcDAQYIKwYBBQUHAwIwQwYDVR0gBDwwOjA4BgorBgEEAYHOdwEBMCowKAYI KwYBBQUHAgEWHGh0dHA6Ly9jcHMud2Vic3BhY2UtZm9ydW0uZGUwRwYDVR0fBEAw PjA8oDqgOIY2aHR0cDovL2NybC53ZWJzcGFjZS1mb3J1bS5kZS9XZWJTcGFjZUZv cnVtU2VydmVyQ0EuY3JsMH0GCCsGAQUFBwEBBHEwbzBCBggrBgEFBQcwAoY2aHR0 cDovL2NydC53ZWJzcGFjZS1mb3J1bS5kZS9XZWJTcGFjZUZvcnVtU2VydmVyQ0Eu Y3J0MCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC53ZWJzcGFjZS1mb3J1bS5kZTAr BgNVHREEJDAighAqLnJhcGlkc2hhcmUuY29tgg5yYXBpZHNoYXJlLmNvbTANBgkq hkiG9w0BAQUFAAOCAQEAbEmZ9/LWBB32HXmcWZdn49f8xWkiTU8k/0WEW6KmtOUZ C9s2ctAxMg05XWIKVxLqC4iqbUQkKS+yr16GS6SidFHtWu2NILXtaz8p6aJFDQB4 UWhhI0LDnbAS0AVKkSOkclOsTn+qbeBjAaSSknzhuR/yFuaEhn9X4CGDfW+UCnGm hN3Im1O9xuGL2RnDwtoB4h+io2m0uqbYwosfJrk2N/QZg6Du+5xIssCOouY5tbto BnPq2tuk8drvxJy+P9ykDWbqIm9HPeKhlBpLKV+/X0jN1hV7K3m02yZxh3DBMmtk d/VTVG+U29Xe6qegiLJ5k6kzlkCoNG6/KEGizJcIOA== -----END CERTIFICATE----- subject=/C=CH/postalCode=6330/ST=Zug/L=Cham/streetAddress=Gewerbestr. 6/O=RapidShare AG/OU=IT/OU=Premium SSL Wildcard/CN=*.rapidshare.com issuer=/C=DE/O=WebSpace-Forum, Thomas Wendt/CN=WebSpace-Forum Server CA --- No client certificate CA names sent --- SSL handshake has read 4948 bytes and written 301 bytes --- New, TLSv1/SSLv3, Cipher is AES256-SHA Server public key is 1024 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE SSL-Session: Protocol : SSLv3 Cipher : AES256-SHA Session-ID: 14983A9C958DF71D754837ACCD8DF18341B152049FC1A7293020300D6B94B79F Session-ID-ctx: Master-Key: 7F6040A7A7505052C1D7C5D5254F98A2AFC11EC4D286583F1AA031CAC4D642B7170DCE5755E00DDB3CC2ACE2F3ACC2C6 Key-Arg : None Start Time: 1310026379 Timeout : 7200 (sec) Verify return code: 19 (self signed certificate in certificate chain) --- I have no clue why two identical servers give me different results and I'm glad for any help. Best Regards, tobobant
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
|
- Handshake fails for unknown reason Tobobant
-
