> http://rt.openssl.org/Ticket/Display.html?id=266&user=guest&pass=guest
>
> of support for an https proxy CONNECT command but I don't see it in the
> documentation https://www.openssl.org/docs/apps/s_client.html
It's not implemented yet.
On Thu, Aug 7, 2014 at 5:29 PM, Dr. Stephen Henson wrote:
> On Thu, Aug 07, 2014, Jeffrey Walton wrote:
>
>> I'm trying to track down a client side issue with the use of HTTPS. I
>> suspect it has something to do with a server misconfiguration and
>> client side certificates.
>>
>> When running s_
On Thu, Aug 7, 2014 at 4:57 PM, Kyle Hamilton wrote:
> Usually you don't need to echo anything to get the "acceptable client CA
> names" list.
Thanks.
In this case, its IIS 7.5 and its *not* using SNI (SNI is available in
IIS 8). So I get a 400 "bad request" without the host header.
Jeff
> On 8
On Thu, Aug 07, 2014, Jeffrey Walton wrote:
> I'm trying to track down a client side issue with the use of HTTPS. I
> suspect it has something to do with a server misconfiguration and
> client side certificates.
>
> When running s_client:
>
> $ echo -e "GET / HTTP/1.1\nHost:example.com\n" | \
>
Usually you don't need to echo anything to get the "acceptable client CA
names" list.
-Kyle H
On 8/7/2014 1:55 PM, Jeffrey Walton wrote:
> I'm trying to track down a client side issue with the use of HTTPS. I
> suspect it has something to do with a server misconfiguration and
> client side certif
I see, Thank you!
2014-07-18 14:16 GMT+08:00 Thulasi Goriparthi
:
> Version that is sent by Client in Client Hello may not necessarily be the
> version of communication. It gets adjusted with what Server can support.
>
> In your case, as you force the server to support only TLSv1, communication
Version that is sent by Client in Client Hello may not necessarily be the
version of communication. It gets adjusted with what Server can support.
In your case, as you force the server to support only TLSv1, communication
protocol gets adjusted to TLSv1(03 01) even though client supports
TLSv1.2(0
On Tue, Jun 03, 2014 at 01:11:33PM +0200, Matthias Apitz wrote:
> 200 SLNP CATserver@version:4.3@user:sisis@ssl:true
s_client supports the imap, smtp and possibly xmpp variants of
"-starttls". If none of these protocols are sufficiently close
to your servers, you'll have to modify s_client sourc
Maybe DNS Server, aix is using a different DNS server?
Sent from my iPhone, Rod
On Jul 5, 2013, at 4:36 PM, "Graham, Dave" wrote:
> I have a need to periodically extract a certificate from another automated
> process and not being a Windows programmer (I work in a different programming
> disc
On Wed, Feb 20, 2013 at 4:10 PM, Andreas Mattheiss
wrote:
>
> s_client doesn't like pipes
This works well for me:
$ echo "GET / HTTP1.0" | openssl s_client -connect example.com:443
It looks like you need something more like a response file.
Jeff
___
Thanks for the response!
-Original Message-
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org]
On Behalf Of Dr. Stephen Henson
Sent: Tuesday, October 02, 2012 3:39 AM
To: openssl-users@openssl.org
Subject: Re: s_client signature_algorithm extension
On Mon
On Mon, Oct 01, 2012, Abhiram Shandilya wrote:
> Is there a way to add a specific signature_algorithm extension when using
> s_client to connect to an SSL server? Why does s_client negotiate
> ECDH-RSA-AES128-SHA256 when I use the cipher ECDH-ECDSA-AES128-SHA256? Is
> this because they are equival
rom: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Igor Galic
> Sent: Monday, June 06, 2011 12:52 PM
> To: openssl-users@openssl.org
> Subject: Re: s_client
>
>
>
> - Original Message -
> > Trying to use the "openss
- Original Message -
> Trying to use the "openssl s_client" utility to test an https page.
> I
> am able to connect, and to perform a GET and see pages, but I can't
> make
> a POST work. I try to do something like:
Having established that GET works via SSL, why not use something like
Joe Friedeggs writes:
> I'm pretty much a noob when it comes to SSL, so any help would be
> greatly appreciated. I just installed Openldap running TLS with self
> signed certs. Everything *seems* to be working fine (LDAP logs show
> TLS encryption), but when I run the s_client from the LDAP (Li
On Mon, 2009-02-09 at 15:10 +0100, Anders Lund wrote:
> Hi again,
>
> I've finally found a solution for this problem. This is related to
> sertificates of more than 1024 bits, and this hotfix solve the problem:
>
> http://support.microsoft.com/kb/955610/no
I wrote "bits", but I see now tha
Hi again,
I've finally found a solution for this problem. This is related to
sertificates of more than 1024 bits, and this hotfix solve the problem:
http://support.microsoft.com/kb/955610/no
- Anders
On Mon, 2009-02-09 at 11:44 +0100, Anders Lund wrote:
> Hi,
>
> I'm having difficulti
Hello,
[EMAIL PROTECTED] wrote on 04/28/2008 04:03:02 PM:
> Hello,
>
> I would like to know how to hold a requisition s_client GET https that
the server was connected ??
>
> Ex:
> "GET /Nfe/services/NfeStatusServico?wsdl HTTP/1.1\r\nHost:
hnfe.sefaz.es.gov.br\r
> \nConnection: Keep-Alive\r\nA
I am not sure about this stuff however!
- Original Message
From: rfx <[EMAIL PROTECTED]>
To: openssl-users@openssl.org
Sent: Monday, February 25, 2008 12:25:24 PM
Subject: Re: S_client
"Use
browser
directly
(you
don't
have
to
use
openssl
s_client)
and
point
t
"Use browser directly (you don't have to use openssl
s_client) and point the URL tab to your web server's
IP or DName"
Many reason to do like this :
1) I use a smartcard with PKCS11 engine, so normaly to use it, i must
install a pack.
2) Internet Explorer can use it directly but firefox must to
NULL
.
After is SSL handshake
Hope it could help.
Fred
-Original Message-
From: [EMAIL PROTECTED] on behalf of Hans Moser
Sent: Tue 3/1/2005 11:41 AM
To: openssl-users@openssl.org
Cc:
Subject: Re: s_client handshake failure [auf Viren überprüft]
Hans Moser sc
Hans Moser schrieb das Folgende am 25.02.2005 13:51:
[EMAIL PROTECTED] schrieb das Folgende am 24.02.2005 20:16:
I think your ldap server is NOT running TLS.
Here is my ldapsearch debug output, including
"TLS trace: SSL_connect:SSLv3 read server certificate A":
[EMAIL PROTECTED]:/ldap> bin/ldapsear
[EMAIL PROTECTED] schrieb das Folgende am 24.02.2005 20:16:
I think your ldap server is NOT running TLS.
Here is my ldapsearch debug output, including
"TLS trace: SSL_connect:SSLv3 read server certificate A":
[EMAIL PROTECTED]:/ldap> bin/ldapsearch -Z -x -d -1 -h localhost:666
ldap_create
ldap_url_
er dose not respond to the client hello message and close the
connection.
Fred
-Original Message-
From: [EMAIL PROTECTED] on behalf of Hans Moser
Sent: Wed 2/23/2005 4:14 PM
To: openssl-users@openssl.org
Cc:
Subject: Re: s_client handshake failure [auf Viren überpr
[EMAIL PROTECTED] schrieb das Folgende am 23.02.2005 20:34:
First of all the HEX line are important because they contained information
about the connection (SSL protocol layer: record, alert etc...), in fact in
acts as -msg option (openssl 0.9.7e).
My fault. But I had to retype it, because there's
Sent: Wed 2/23/2005 4:14 PM
To: openssl-users@openssl.org
Cc:
Subject: Re: s_client handshake failure [auf Viren überprüft]
[EMAIL PROTECTED] schrieb das Folgende am 23.02.2005 12:09:
> Hi,
>
> You can specify the protole to use with -ssl3 or -tls1 otherwise s_client
[EMAIL PROTECTED] schrieb das Folgende am 23.02.2005 12:09:
Hi,
You can specify the protole to use with -ssl3 or -tls1 otherwise s_client
send a ssl v2 client hello. Moreover some debug info with -state or -debug
could be usefull to find what happened. ;)
# openssl s_client -connect localhost:666
Hi,
You can specify the protole to use with -ssl3 or -tls1 otherwise s_client send
a ssl v2 client hello. Moreover some debug info with -state or -debug could be
usefull to find what happened. ;)
Hope it could help.
Fred
-Original Message-
From: [EMAIL PROTECTED] on behalf of Hans
On Thu, Aug 28, 2003 at 03:31:12PM +0200, Leif Kremkow wrote:
> Hi,
>
> are there any known issues between OpenSSL and MS Exchange 2000?
>
> I'm trying to do a few tests using OpenSSL like so:
> openssl s_client -host servername -port 25 -starttls smtp
>
> But all I get is:
> CONNECTED(0003)
Griff McClellan <[EMAIL PROTECTED]>:
> I've got s_client running on Windows 98. I want to know what cipher and
> message digest protocols it uses by default.
It uses the DEFAULT ciphers :-)
To find out what these are, run 'openssl ciphers DEFAULT'
(actually DEFAULT may be omitted -- you probab
Hi,
I'm configuring the apache mod-ssl. When i try the connection via
netscape broswer, i get this error message:
The server's certificate has an invalid signature. You will not be able to
connect to this site securely.
At the same time, in the error_log file:
[Wed Feb 23 05:36:52 2000] [error
md5 wrote:
>
> Hello,
>
> I'm trying to figure out how to get s_client to present a client side
> certificate when requested by and IIS web server.
>
> so i believe the following syntax should work:
>
> OpenSSL>s_client -cert myCert.cer -key myPriv.key -connect
> www.host.com:443
>
> My probl
maybe s_client can go on without CA cert, but the s_server need one,
otherwise it will exit at
"if ((!SSL_CTX_load_verify_locations(ctx,CAfile,CApath)) ||
(!SSL_CTX_set_default_verify_paths(ctx)))"(line634 of s_server)
I should offer a CAfile option for s_server, so that it can begin to
accept
jackie schrieb:
>
> When I tried the s_client and s_server, I couldn't find the CAfile which
> is expected to authenticate the server.pem and client.pem,and the
> doc\ssleay.txt is talking about some files
> that doesn't exist.
> So I have to create everything (ca cert,server cert,client cert) o
Michael Helm <[EMAIL PROTECTED]>:
> Bodo Moeller:
>> [...] I think for Stronghold you just append to your certificate file
>> the CA certificates that you want to use.
> I think we have done that latter step. Any suggestions about where
> I'd find out how to do this correctly? Probably not
Bodo Moeller writes:
> library still builds the chain automatically when the CA certificate
> is also configured as a trusted certificate for client authentication
I don't think that I've done this (certainly not using client cert
based auth. at the present time). Not sure about other apache
se
36 matches
Mail list logo
