RE: [EXTERNAL] Re: SSL error (78c0100): malloc failure while implementing tls 1.3

_ From: Ramaiah, Ravichandran Bagalur Sent: Wednesday, June 29, 2022 12:55 PM To: Matt Caswell ; openssl-users@openssl.org Subject: RE: [EXTERNAL] Re: SSL error (78c0100): malloc failure while implementing tls 1.3 Hi Matt, Below is the error I got

RE: [EXTERNAL] Re: SSL error (78c0100): malloc failure while implementing tls 1.3

; openssl-users@openssl.org Subject: [EXTERNAL] Re: SSL error (78c0100): malloc failure while implementing tls 1.3 On 16/06/2022 05:52, Ramaiah, Ravichandran Bagalur wrote: > > *SSL error (78c0100): malloc failure Do you get anything in the OpenSSL error stack for this (e.g. try "ERR_prin

Re: SSL error (78c0100): malloc failure while implementing tls 1.3

On 16/06/2022 05:52, Ramaiah, Ravichandran Bagalur wrote: *SSL error (78c0100): malloc failure Do you get anything in the OpenSSL error stack for this (e.g. try "ERR_print_errors_fp(stdout);"). We need a bit more to go on to figure out where specifically the malloc failure is

RE: SSL error (78c0100): malloc failure while implementing tls 1.3

To: openssl-users@openssl.org Subject: SSL error (78c0100): malloc failure while implementing tls 1.3 Hi All, I'm trying to implement tls 1.3 support in my application. But I'm facing malloc failure error. Could you please help me understand why this error is happening? How to solve this issue

SSL error (78c0100): malloc failure while implementing tls 1.3

*SSL_SESSION_free ref *Session deleted on 2 *SSL3 alert write:fatal:internal error *SSL_accept:error in error *SSL error (78c0100): malloc failure *ERROR on SSL_read err=1 flag=0 *Initiating SSL shutdown I generated client and server certificates using below commands. And I used TLS_AES_128_GCM_SHA256

Re: [openssl-users] Is there any standard way of getting the error name from an SSL error?

>For example, I want the string "SSL_R_TOO_MANY_WARN_ALERTS" for an error with that value, not just the "too many alerts" description. You're correct, it's not done. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

[openssl-users] Is there any standard way of getting the error name from an SSL error?

For example, I want the string "SSL_R_TOO_MANY_WARN_ALERTS" for an error with that value, not just the "too many alerts" description. I'm suspecting not, I don't see any use of #reason in ERR_REASON() or the macros it uses. -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] Open ssl error "hex string is too long invalid hex key value"

On 12/04/18 07:05, shagun maheshwari wrote: > Hi, > > We are getting an error "OpenSSL error hex string is too long invalid hex key > value" . OpenSSL version we are using is openssl-1.0.2k-8.el7. We have solved > this issue by applying a patch in openssl package suggested by openssl >

[openssl-users] Open ssl error "hex string is too long invalid hex key value"

Hi, We are getting an error "OpenSSL error hex string is too long invalid hex key value" . OpenSSL version we are using is openssl-1.0.2k-8.el7. We have solved this issue by applying a patch in openssl package suggested by openssl community

Re: [openssl-users] SSL error “inappropriate fallback” and TLS_FALLBACK_SCSV

On 2017-06-01 12:23, Michael Wojcik wrote: On the other hand, this doesn't really answer Florin's question of why the server sees so many clients falling back. If the load is bursty, it might be listen-queue dumping. I don't know if Nginx lets you configure the listen queue depth, but at some

Re: [openssl-users] SSL error “inappropriate fallback” and TLS_FALLBACK_SCSV

> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf > Of Salz, Rich via openssl-users > Sent: Thursday, June 01, 2017 14:44 > To: openssl-users@openssl.org > Subject: Re: [openssl-users] SSL error “inappropriate fallback” and > TLS_FALLBACK_SCSV &g

Re: [openssl-users] SSL error “inappropriate fallback” and TLS_FALLBACK_SCSV

> What I find surprising is the rate of these errors. For every 100 legitimate > HTTP requests that make it to Nginx, I get 2.5 “inappropriate fallback” SSL > errors. That's a lot of noise. > > I guess I'll have to adjust my expectations. That's not out of line with other measurements I've been

Re: [openssl-users] SSL error “inappropriate fallback” and TLS_FALLBACK_SCSV

On 2017-06-01 11:43, Salz, Rich via openssl-users wrote: Would clients actually attempt to send TLS_FALLBACK_SCSV even if the previous connection attempt failed for reasons other than TLS? If, say, the initial connection attempt failed at the TCP level? That sounds a little strange to me.

Re: [openssl-users] SSL error “inappropriate fallback” and TLS_FALLBACK_SCSV

> Would clients actually attempt to send TLS_FALLBACK_SCSV even if the > previous connection attempt failed for reasons other than TLS? If, say, the > initial connection attempt failed at the TCP level? That sounds a little > strange > to me. Yes they do. There are many badly written clients

Re: [openssl-users] SSL error “inappropriate fallback” and TLS_FALLBACK_SCSV

On 2017-06-01 02:13, Matt Caswell wrote: The presence of this error doesn't actually mean that you are under attack. It just means that the client made an earlier connection attempt with a higher version number and it failed. There could be many reasons for the failure. For example,

Re: [openssl-users] SSL error “inappropriate fallback” and TLS_FALLBACK_SCSV

On 01/06/17 02:58, Florin Andrei wrote: > It's a little puzzling because the exchange of crypto messages uses TLS > 1.0 which the server definitely supports, and the client should be very > likely to support too. > > I've seen discussions online saying that the presence of the >

[openssl-users] SSL error “inappropriate fallback” and TLS_FALLBACK_SCSV

:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA'; ssl_prefer_server_ciphers on; I've verified with nmap and I get the same ssl-enum-ciphers list from Nginx. Now in the Nginx error log I get lots of lines like this: SSL_do_handshake() failed (SSL: error:140A1175:SSL

Re: [openssl-users] Help with ssl error

> On Apr 19, 2017, at 12:48 PM, Joseph Southwell > wrote: > > Sorry we did do that. It just didn’t look different so I didn’t send it > (pasted below). I also have asked for help from the server admin but it is a > non English speaking country and they don’t seem to

Re: [openssl-users] Help with ssl error

Sorry we did do that. It just didn’t look different so I didn’t send it (pasted below). I also have asked for help from the server admin but it is a non English speaking country and they don’t seem to be interested in talking to me. I have another product supposedly using OpenSSL that is

Re: [openssl-users] Help with ssl error

On Tue, Apr 18, 2017 at 05:06:40PM +, Viktor Dukhovni wrote: > The ClientHello decodes via tshark as: > > [...] > Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) > Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) > Cipher

Re: [openssl-users] Help with ssl error

Is there a way to enable one or both of those ciphers in OpenSSL? > On Apr 18, 2017, at 1:28 PM, Jason Schultz wrote: > > RSA_With_AES_128_CBC_SHA and RSA_With_3DES_EDE_CBC_SHA -- openssl-users mailing list To unsubscribe:

Re: [openssl-users] Help with ssl error

penssl-users <openssl-users-boun...@openssl.org> on behalf of Viktor Dukhovni <openssl-us...@dukhovni.org> Sent: Tuesday, April 18, 2017 5:06 PM To: openssl-users@openssl.org Subject: Re: [openssl-users] Help with ssl error On Tue, Apr 18, 2017 at 11:17:48AM -0400, Joseph Southwell wrote:

Re: [openssl-users] Help with ssl error

On Tue, Apr 18, 2017 at 11:17:48AM -0400, Joseph Southwell wrote: > It doesn’t look like it requested a client certificate to me. Correct, the server alert was returned immediately in response to the TLS ClientHello. > $ openssl s_client -state -msg -connect ftp.echannel.banksys.be:16370 >

Re: [openssl-users] Help with ssl error

It doesn’t look like it requested a client certificate to me. openssl110e>openssl s_client -state -msg -connect ftp.echannel.banksys.be:16370 -starttls ftp CONNECTED(0104) SSL_connect:before SSL initialization >>> ??? [length 0005] 16 03 01 00 ab >>> TLS 1.2Handshake [length 00ab],

Re: [openssl-users] Help with ssl error

> On Apr 14, 2017, at 9:48 AM, Joseph Southwell > wrote: > > Version 1.1 openssl > > openssl.exe s_client -connect hostname:16370 -starttls ftp > 877788:error:1409442F:SSL routines:ssl3_read_bytes:tlsv1 alert insufficient >

[openssl-users] Help with ssl error

Version 1.1 openssl openssl.exe s_client -connect hostname:16370 -starttls ftp CONNECTED(0104) 877788:error:1409442F:SSL routines:ssl3_read_bytes:tlsv1 alert insufficient security:ssl\record\rec_layer_s3.c:1385:SSL alert number 71 The host I am connecting to apparently only supports the

Re: TLS handshake error : No shared cipher (SSL error 40)

Hello, Thank to both of you. Best regards, -- Francis Le 17/09/2014 20:38, Dave Thompson a écrit : From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET Sent: Wednesday, September 17, 2014 13:35 We use openSSL in OFTP2 implementation. The OFTP2 working group decided to strongly

TLS handshake error : No shared cipher (SSL error 40)

Hello, We use openSSL in OFTP2 implementation. The OFTP2 working group decided to strongly recommend to use preferably the cipher suites including PFS (ephemeral Diffie Hellman). So in our iplementation (linked against openssl 1.0.1g) I limited the list of offered ciphers (client) and

Re: TLS handshake error : No shared cipher (SSL error 40)

On Wed, Sep 17, 2014 at 07:34:44PM +0200, Francis GASCHET wrote: We use openSSL in OFTP2 implementation. The OFTP2 working group decided to strongly recommend to use preferably the cipher suites including PFS (ephemeral Diffie Hellman). Preferably, does not mean exclusively. You should

RE: TLS handshake error : No shared cipher (SSL error 40)

From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET Sent: Wednesday, September 17, 2014 13:35 We use openSSL in OFTP2 implementation. The OFTP2 working group decided to strongly recommend to use preferably the cipher suites including PFS (ephemeral Diffie Hellman). snip To

SSL error after machine restart.

Hi We are using openssl 0.9.8 in our application. Things are working fine and suddenly we are having . Linux awtah.dispatchserver1 3.6.11-1.fc16.i686 #1 SMP Mon Dec 17 21:36:23 UTC 2012 i686 i686 i386 GNU/Linux error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record

Re: SSL error after machine restart.

On 31-07-2013 11:16, Rajeev Tomar wrote: Hi We are using openssl 0.9.8 in our application. Things are working fine and suddenly we are having . Linux awtah.dispatchserver1 3.6.11-1.fc16.i686 #1 SMP Mon Dec 17 21:36:23 UTC 2012 i686 i686 i386 GNU/Linux error:1408F119:SSL

SSL error: SSL error code 336151528 (a seemingly rare error/bug?)

While working on postgres driver in Go, I began getting these errors in my postgres logs: SSL error: SSL error code 336151528 I spoke with a postgres team member and they aren't sure exactly where this is coming from. A little more research on my side found someone else getting a very similar

Re: SSL error: SSL error code 336151528 (a seemingly rare error/bug?)

Sent by: owner-openssl-us...@openssl.org 03/27/2012 09:24 AM Please respond to openssl-users@openssl.org To openssl-users@openssl.org cc Subject SSL error: SSL error code 336151528 (a seemingly rare error/bug?) While working on postgres driver in Go, I began getting

RE: Please Help me out- SSL ERROR

From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout Sent: Wednesday, 18 January, 2012 02:52 snip root@1143726:/usr/bin# openssl s_client -connect 10.204.4.69:7003 WARNING: can't open config file: /usr/ssl/openssl.cnf CONNECTED(0003) depth=0 C = IN, ST = Karnataka, L =

Please Help me out- SSL ERROR

: X509v3 Basic Constraints: CA:FALSE Please let me know what is missing here why i am getting the above error. Best regards, S S Rout -- View this message in context: http://old.nabble.com/Please-Help-me-out--SSL-ERROR-tp33159464p33159464.html Sent from the OpenSSL - User

Re: Open SSL Error 14094412

On 05/31/2011 03:02 PM, David Mitchell wrote: On May 31, 2011, at 2:32 PM, Dave Thompson wrote: From: owner-openssl-us...@openssl.org On Behalf Of David Mitchell Sent: Friday, 27 May, 2011 12:35 I'm having some problems with EAP-TLS in FreeRadius 2.1.10. I have a client where

RE: Open SSL Error 14094412

From: owner-openssl-us...@openssl.org On Behalf Of David Mitchell Sent: Friday, 27 May, 2011 12:35 I'm having some problems with EAP-TLS in FreeRadius 2.1.10. I have a client where authentication attempts always fail with the relatively generic error below. I've tried to figure out what it

Open SSL Error 14094412

2011 : Error: TLS Alert read:fatal:bad certificate Fri May 27 10:17:51 2011 : Error: TLS_accept: failed in SSLv3 read client certificate A Fri May 27 10:17:51 2011 : Error: rlm_eap: SSL error error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate Fri May 27 10:17:51 2011

SSL error no start line

HI, what would error OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line mean ? Aarno __ OpenSSL Project http://www.openssl.org User Support Mailing List

Re: SSL error no start line

On Tue, Mar 29, 2011 at 10:15:04AM +0200, Aarno Syv?nen wrote: HI, what would error OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start line mean ? A PEM file was expected, but the input was not a PEM file, specifically, it had no -BEGIN ...- line. -- Viktor.

Re: SSL error: parse tlsext

Dr. Stephen Henson wrote: openssl s_client -connect xxx.org:443 and it should say if secure renegotiation is supported in the output. Thanks for the tip! I tried, but I am afraid I cannot tell whether it is the case or not, based on this output. I tried on google.com:443 as

SSL error: parse tlsext

Hi, I am using openssl from within neon, itself used from within Subversion. During an svnsync, I receive the following error message: svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL error: parse tlsext (https://xxx.org) If I am right, this message comes from openssl

SSL error: parse tlsext

Hi, I am using openssl from within neon, itself used from within Subversion. During an svnsync, I receive the following error message: svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL error: parse tlsext (https://xxx.org) If I am right, this message comes from openssl

Re: SSL error: parse tlsext

On Wed, Apr 07, 2010, Florent Georges wrote: Hi, I am using openssl from within neon, itself used from within Subversion. During an svnsync, I receive the following error message: svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL error: parse tlsext (https

Re: SSL error: parse tlsext

Dr. Stephen Henson wrote: Thanks for your fast response! That looks like it is only part of the actual error code. That's all I have. I guess either Subversion or Neon truncates the error message. I suspect it is because the server doesn't support secure renegotiation. You can check

Re: SSL error: parse tlsext

On Wed, Apr 07, 2010, Florent Georges wrote: Dr. Stephen Henson wrote: Thanks for your fast response! That looks like it is only part of the actual error code. That's all I have. I guess either Subversion or Neon truncates the error message. I suspect it is because the server

SSL Error 140890B2

Network Analyst mjo...@hpsd48.ab.ca Office 523-2818 ext 182 Mobile 536-6641 Netware, because life is too short to reboot : TLS 1.0 Alert [length 0002], fatal certificate_unknown TLS Alert write:fatal:certificate unknown TLS_accept:error in SSLv3 read client certificate B rlm_eap: SSL error

SSL Error and Info messages

Hi, openssl community, My application calls some library functions, which uses OpenSSL. When my appliction runs, I believe OpenSSL emitted some messages described below. 1. Sometimes, following Error messages will be emitted: ERR-05255|8|04:26:25.540503|sslsocket.cpp[581] - SSL Error: Error

RE: SSL Error and Info messages

My application calls some library functions, which uses OpenSSL. When my appliction runs, I believe OpenSSL emitted some messages described below. Nope. Your application emitted them. OpenSSL detected them and reported them, you chose to print them out. Does anyone know what caused those

RE: SSL Error and Info messages

. From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Weigang Gong Sent: 25 February 2008 14:55 To: openssl-users@openssl.org Subject: SSL Error and Info messages Hi, openssl community, My application calls some library functions, which uses OpenSSL

Re: SSL Error connecting to cia.gov

Isolating the problem is more or less simple: openssl s_client -connect www.cia.gov:443 shows the intermittent failures as well, so we can rule out all applications (curl, wget, ...). Has to be some basic thing. I tend to observe the failure with s_client not on the first attempt but on the nth

Re: SSL Error connecting to cia.gov

On Tue, 2007-10-23 at 22:02 -0700, Alex Lam wrote: That's TLSv1, not SSLv2. : 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 c..9..8. 0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00 .5.. 0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .3..2../

Re: SSL Error connecting to cia.gov

Try this.. ./openssl s_client -tls1 -connect www.cia.gov:443 On 10/24/07, Lutz Jaenicke [EMAIL PROTECTED] wrote: Isolating the problem is more or less simple: openssl s_client -connect www.cia.gov:443 shows the intermittent failures as well, so we can rule out all applications (curl,

SSL Error connecting to cia.gov

Hey all: We use curl to retrieve webpages, and recently started receiving an intermittent (40-60% of the time) error when retrieving a page from the CIA. About two weeks ago, they switched to running https only, with the http URLs being forwarded to the https equivalents. The error we receive

Re: SSL Error connecting to cia.gov

Hello, We use curl to retrieve webpages, and recently started receiving an intermittent (40-60% of the time) error when retrieving a page from the CIA. About two weeks ago, they switched to running https only, with the http URLs being forwarded to the https equivalents. The error we receive

Re: SSL Error connecting to cia.gov

Marek Marcola wrote: I think that this is CIA webserver problem. You may test this with: $ openssl s_client -connect www.cia.gov:443 -state -debug -msg [[-ssl3] [-tls1]] and in any combination after some successful connection you will get failed connections. For example: $ openssl

Re: SSL Error connecting to cia.gov

That's TLSv1, not SSLv2. : 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 c..9..8. 0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00 .5.. 0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .3..2../ 0030: 00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03

SSL ERROR on verifying Certificate

Hi I am trying to verify a certificate with the folowing command line on a windows 32 bit plateform: C:\OpenSSL\bin openssl verify -CAfile d:\cert.pem d:\cert2.pem It replies me: d:\cert2.pem: /C=FR/ST=Cote d Or/L=Saint Apollinaire/O=societe des AUTOROUTES PARIS RHIN

Re: SSL ERROR on verifying Certificate

Hello, I am trying to verify a certificate with the folowing command line on a windows 32 bit plateform: C:\OpenSSL\bin openssl verify -CAfile d:\cert.pem d:\cert2.pem It replies me: d:\cert2.pem: /C=FR/ST=Cote d Or/L=Saint Apollinaire/O=societe des AUTOROUTES PARIS RHIN

Clean SSL Error queue

Hi all What functions use to clean up SSl Error Queue in Multithread Applications ?? Thank You TD

Re: SSL error (138): cipher or hash unavailable

2007/4/10, Johans Taboada [EMAIL PROTECTED]: Hi list, I ask for help please. Still waiting... DatabaseError: SSL error: cipher or hash unavailable\n ... OperationalError: SSL error: cipher or hash unavailable\n ... What does it really mean '''cipher or hash unavailable'''? (SSL Error

SSL error (138): cipher or hash unavailable

server, tracd), it works with no problems. But when I use it throught apache2+mod_python, apache shows HTTP 500: {{{ # error_log, using pyPgSQL [Thu Apr 05 19:25:43 2007] [error] [client 192.168.2.52] DatabaseError: SSL error: cipher or hash unavailable\n [Thu Apr 05 19:25:43 2007] [debug

Re: lighttpd and ssl error

Timothy Wright To: openssl-users@openssl.org Sent: Tuesday, August 22, 2006 1:26 AM Subject: lighttpd and ssl error Hi. I am new at this and at my wits end. I keep on getting the same error when I try and start lighttpd. I have rekeyed my cert 2 times now so I am fair

Re: lighttpd and ssl error

= path to ca Thanks,ViSolveSecurity Consulting Group - Original Message - From: Timothy Wright To: openssl-users@openssl.org Sent: Tuesday, August 22, 2006 1:26 AM Subject: lighttpd and ssl error Hi. I am new at this and at my wits end. I keep on getting the same

Re: lighttpd and ssl error

Hello, Hi. I am new at this and at my wits end. I keep on getting the same error when I try and start lighttpd. I have rekeyed my cert 2 times now so I am fairly certain that it is not a problem there. I have redone the KEY and CSR as well. I do not

Re: lighttpd and ssl error

The problem is with my x509. What do I do to fix that?On 8/23/06, Marek Marcola [EMAIL PROTECTED] wrote:Hello, Hi. I am new at this and at my wits end. I keep on getting the same error when I try and start lighttpd. I have rekeyed my cert 2 times now so I am fairly certain that it is not a

Re: lighttpd and ssl error

Hello, The problem is with my x509. What do I do to fix that? On 8/23/06, Marek Marcola [EMAIL PROTECTED] wrote: Hello, Hi. I am new at this and at my wits end. I keep on getting the same error when I try and start lighttpd. I

lighttpd and ssl error

Hi. I am new at this and at my wits end. I keep on getting the same error when I try and start lighttpd. I have rekeyed my cert 2 times now so I am fairly certain that it is not a problem there. I have redone the KEY and CSR as well. I do not know what to do. Please let me know if you have any

Re: SSL Error

This error is indicative that there is no error. You have simplyread the error buffer one more time than you should have. There is absolutely nothing wrong with your application state if you see this reported. In my experience it wont cause any application problems if you check the error queue

Re: SSL Error

You can't reuse a socket for a TCP connection, but you certainly can reuse the same TCP socket for an arbitrary number ofSSL connections as long as you don't compromise the TCP connection while you're doing it. I suspect that is the intention here and from the sounds of things (if all he is

Re: SSL Error

On Wed, Aug 09, 2006, Carlo Agopian wrote: Hello, Has anybody seen the following runtime error message before? error::lib(0):func(0):reason(0) Yes. It normally means no error has been placed on the queue and the the application wrongly thinks it has and can print it out..

SSL Error

Title: SSL Error Hello, Has anybody seen the following runtime error message before? error::lib(0):func(0):reason(0) It seems to be coming from the following openssl function: ERR_error_string(m_sslError, 0). This error occurs in a C++ client application that sends SSL

Re: Need some help debugging SSL error thrown from STunnel using OpenSSL-FIPS

On Wed, Jun 07, 2006, David Gillingham wrote: Hello all, I've been tasked to internally investigate a system that utilizes STunnel and OpenSSL to create a secure wrapper for a propietary protocol. Additionally, this solution must eventually be FIPS 140-2 compliant. 608008D:

Re: Need some help debugging SSL error thrown from STunnel using OpenSSL-FIPS

I was able to convert the key as you instructed, and I overwrote the old RSA private key from my server.pem file with the new PKCS8 one. I am now a getting a different error message. From these new messages, I'm guessing OpenSSL is expecting a file in PKCS12 format, but that my file does not

Re: Need some help debugging SSL error thrown from STunnel using OpenSSL-FIPS

On Thu, Jun 08, 2006, David Gillingham wrote: I was able to convert the key as you instructed, and I overwrote the old RSA private key from my server.pem file with the new PKCS8 one. I am now a getting a different error message. From these new messages, I'm guessing OpenSSL is expecting a

Re: Need some help debugging SSL error thrown from STunnel using OpenSSL-FIPS

Dr. Henson-- Adding in a call to OpenSSL_add_all_algorithms() fixed the error. Thanks for the assistance. __ OpenSSL Project http://www.openssl.org User Support Mailing List

Need some help debugging SSL error thrown from STunnel using OpenSSL-FIPS

Hello all, I've been tasked to internally investigate a system that utilizes STunnel and OpenSSL to create a secure wrapper for a propietary protocol. Additionally, this solution must eventually be FIPS 140-2 compliant. So, using instructions outlined in the OpenSSL FIPS Security Policy and on

RE: CVSNT sserver SSL error

Your client is trying to use SSLv2, or SSLv3, and the server is configured to not allow that protocol. (Or, the server isn't configured to use any protocol.) I don't know the specifics of how to configure what you're doing, but I do know that there are environment variables available to

Re: CVSNT sserver SSL error

On 1/31/06, Jason Williard [EMAIL PROTECTED] wrote: I considered this as a possibility. The part that doesn't make sense is that I was under the belief that OpenSSL v0.9.7i supports both SSLv2 SSLv3. Is this correct? It does, yes, but by default there's no ciphers or protocol versions

CVSNT sserver SSL error

I just installed CVSNT 2.5.03.2151 on a Red Hat Enterprise 4 server. OpenSSL was previously installed with prefix /usr. When I attempt to connect using TortoiseCVS, I get the following error: SSL connection failed (-1): error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number cvs.exe

Re: CVSNT sserver SSL error

Your client is trying to use SSLv2, or SSLv3, and the server is configured to not allow that protocol. (Or, the server isn't configured to use any protocol.) I don't know the specifics of how to configure what you're doing, but I do know that there are environment variables available to specify

SSL error: decryption failed or bad record mac (pg as Samba backend)

the server terminated abnormally before or while processing the request. And the server log says: [24129] LOG: SSL error: decryption failed or bad record mac [24129] LOG: pq_recvbuf: recv() failed: Connection reset by peer There is no problem when not using SSL. The Samba code doesn't have any

Re: SSL error: no cipher list

) --- +OK [EMAIL PROTECTED] (mtiwpxc03) Maillennium POP3/PROXY server #2 and after that I can enter POP3 commands. - Original Message - From: Dr. Stephen Henson [EMAIL PROTECTED] To: openssl-users@openssl.org Sent: Saturday, January 22, 2005 2:19 PM Subject: Re: SSL error: no cipher list

Re: SSL error: no cipher list

On Mon, Jan 24, 2005, Yuriy Synov wrote: See if you can connect to the server using the s_client test program. For example: openssl s_client -conntect hostname:995 (use whatever port it uses for POP4+SSL, 995 is standard). Output from 'openssl s_client' follows: [EMAIL

Re: SSL error: no cipher list

Subject: RE: SSL error: no cipher list On my first SSL implementation, I struggled with this specific error. The Diffie-Hellman parameters for key exchange must be initialized, and if I remember correctly they weren't in my case. You must set up a callback to your code where it initializes DH

Re: SSL error: no cipher list

On Mon, Jan 24, 2005, Yuriy Synov wrote: In fact I'm not using OpenSSL library directly. I use an open source library Indy which in turn makes use of OpenSSL. I discovered that POP3 servers that use DES-CBC3-SHA work correctly with my program, and the server that fails uses RC4-SHA. I got

RE: SSL error: no cipher list

EMC Corporation 228 South St. Hopkinton MA 01748 phone: 508-249-1257 fax 508-497-8030 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Henry Su Sent: Friday, January 21, 2005 3:11 PM To: openssl-users@openssl.org Subject: RE: SSL error: no cipher list

Re: SSL error: no cipher list

, January 21, 2005 10:10 PM Subject: RE: SSL error: no cipher list No sure if you have set it or not. If not, you can try following example: #define CIPHER_LIST ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH SSL_CTX_set_cipher_list(ctx, CIPHER_LIST) ; -Original Message- From: [EMAIL PROTECTED

Re: SSL error: no cipher list

On Sat, Jan 22, 2005, Yuriy Synov wrote: No sure if you have set it or not. If not, you can try following example: #define CIPHER_LIST ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH SSL_CTX_set_cipher_list(ctx, CIPHER_LIST) ; I tried to set that cipher list, and now I get the following error:

SSL error: no cipher list

Dear All, I get this error with one POP3 server when I call function SSL_connect: error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list Could someone tell me what it means and how I can get rid of it? TIA Best regards, Yuriy Synov.

RE: SSL error: no cipher list

, 2005 6:15 AM To: openssl Subject: SSL error: no cipher list Dear All, I get this error with one POP3 server when I call function SSL_connect: error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list Could someone tell me what it means and how I can get rid of it? TIA Best regards, Yuriy

SSL Error

Hello All, I am getting an error in my Apache log: Mod_ossl: Unable to establish SSL protocol (server name) Mod_ossl: SSL call to NZ function nzos_Handshake failed with error 28864 Any idea why this is happening? Thanks _ Michael A.Castillo

SSL Error re pass phrase

I'm trying to get two vhosts on separate public IPs using separate secure certificates working on an apache server (mods and version in log below). The operating system is Mandrake 10. The sites work perfectly without the secure certificates as IP based vhosts. I've been playing with the

SSL Error SSL3_GET_MESSAGE

Title: SSL Error SSL3_GET_MESSAGE I have an error in the SSL logs that I don't know how to fix. From the research I've done this is caused by a cert larger than 1024 bits. Upgrade is not an option at this time because of the application My configuration is NT 4.0 Oracle 9ias

Need help troubleshooting SSL error

I'm running an OpenSSL-enabled application (nessus) that fails with the following error message: SSL_CTX_load_verify_locations[737]: error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt How can I determine the reason for this failure? Thanks! KJ

Re: SSL error status: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

On Wed, Dec 04, 2002 at 01:56:12PM -0500, Will Day wrote: I tried to verify my cert using: error 20 at 0 depth lookup:unable to get local issuer certificate What does error 20 mean? The cert works when using https, imaps, pop3s, etc. unable to get local issuer certificate means that the

SSL error status: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

maillog are: imapd[3166]: Unable to accept SSL connection, host=[209.128.117.3] prospero imapd[3166]: SSL error status: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac I captured the packets for both a successful session (OK) and our troublesome Eudora sessions

Re: MAC OS X SSL error!

MAC OS X SSL error!I am about to start using OpenSSL for MacOS 9 10 development. I will let you know how it goes for me. My only other option would be to use Mozilla's NSS, but that sounds like a real pain in the butt to compile on the Mac - Original Message - From: Brendon Co

SSL error: 5 : error:00000005::lib(0) :func(0) :bad asn1 object header

Hello, I am using openssl 0.9.6 to SSL-secure an HTTP-server. I have noticed that when I connect using IE 5.0, I get this error message: SSL error: 5 : error:0005::lib(0) :func(0) :bad asn1 object header This does not have any visible effect on the browser (ie. the pages load fine

  1   2   >