_
From: Ramaiah, Ravichandran Bagalur
Sent: Wednesday, June 29, 2022 12:55 PM
To: Matt Caswell ; openssl-users@openssl.org
Subject: RE: [EXTERNAL] Re: SSL error (78c0100): malloc failure while
implementing tls 1.3
Hi Matt,
Below is the error I got
; openssl-users@openssl.org
Subject: [EXTERNAL] Re: SSL error (78c0100): malloc failure while implementing
tls 1.3
On 16/06/2022 05:52, Ramaiah, Ravichandran Bagalur wrote:
>
> *SSL error (78c0100): malloc failure
Do you get anything in the OpenSSL error stack for this (e.g. try
"ERR_prin
On 16/06/2022 05:52, Ramaiah, Ravichandran Bagalur wrote:
*SSL error (78c0100): malloc failure
Do you get anything in the OpenSSL error stack for this (e.g. try
"ERR_print_errors_fp(stdout);").
We need a bit more to go on to figure out where specifically the malloc
failure is
To: openssl-users@openssl.org
Subject: SSL error (78c0100): malloc failure while implementing tls 1.3
Hi All,
I'm trying to implement tls 1.3 support in my application. But I'm facing
malloc failure error.
Could you please help me understand why this error is happening? How to solve
this issue
*SSL_SESSION_free ref
*Session deleted on 2
*SSL3 alert write:fatal:internal error
*SSL_accept:error in error
*SSL error (78c0100): malloc failure
*ERROR on SSL_read err=1 flag=0
*Initiating SSL shutdown
I generated client and server certificates using below commands. And I used
TLS_AES_128_GCM_SHA256
>For example, I want the string "SSL_R_TOO_MANY_WARN_ALERTS" for an
error with that value, not just the "too many alerts" description.
You're correct, it's not done.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
For example, I want the string "SSL_R_TOO_MANY_WARN_ALERTS" for an
error with that value, not just the "too many alerts" description.
I'm suspecting not, I don't see any use of #reason in ERR_REASON() or
the macros it uses.
--
openssl-users mailing list
To unsubscribe:
On 12/04/18 07:05, shagun maheshwari wrote:
> Hi,
>
> We are getting an error "OpenSSL error hex string is too long invalid hex key
> value" . OpenSSL version we are using is openssl-1.0.2k-8.el7. We have solved
> this issue by applying a patch in openssl package suggested by openssl
>
Hi,
We are getting an error "OpenSSL error hex string is too long invalid
hex key value" . OpenSSL version we are using is openssl-1.0.2k-8.el7.
We have solved this issue by applying a patch in openssl package
suggested by openssl community
On 2017-06-01 12:23, Michael Wojcik wrote:
On the other hand, this doesn't really answer Florin's question of why
the server sees so many clients falling back. If the load is bursty,
it might be listen-queue dumping. I don't know if Nginx lets you
configure the listen queue depth, but at some
> From: openssl-users [mailto:openssl-users-boun...@openssl.org] On Behalf
> Of Salz, Rich via openssl-users
> Sent: Thursday, June 01, 2017 14:44
> To: openssl-users@openssl.org
> Subject: Re: [openssl-users] SSL error “inappropriate fallback” and
> TLS_FALLBACK_SCSV
&g
> What I find surprising is the rate of these errors. For every 100 legitimate
> HTTP requests that make it to Nginx, I get 2.5 “inappropriate fallback” SSL
> errors. That's a lot of noise.
>
> I guess I'll have to adjust my expectations.
That's not out of line with other measurements I've been
On 2017-06-01 11:43, Salz, Rich via openssl-users wrote:
Would clients actually attempt to send TLS_FALLBACK_SCSV even if the
previous connection attempt failed for reasons other than TLS? If,
say, the
initial connection attempt failed at the TCP level? That sounds a
little strange
to me.
> Would clients actually attempt to send TLS_FALLBACK_SCSV even if the
> previous connection attempt failed for reasons other than TLS? If, say, the
> initial connection attempt failed at the TCP level? That sounds a little
> strange
> to me.
Yes they do.
There are many badly written clients
On 2017-06-01 02:13, Matt Caswell wrote:
The presence of this error doesn't actually mean that you are under
attack. It just means that the client made an earlier connection
attempt
with a higher version number and it failed. There could be many reasons
for the failure. For example,
On 01/06/17 02:58, Florin Andrei wrote:
> It's a little puzzling because the exchange of crypto messages uses TLS
> 1.0 which the server definitely supports, and the client should be very
> likely to support too.
>
> I've seen discussions online saying that the presence of the
>
:AES128-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA';
ssl_prefer_server_ciphers on;
I've verified with nmap and I get the same ssl-enum-ciphers list from
Nginx.
Now in the Nginx error log I get lots of lines like this:
SSL_do_handshake() failed (SSL: error:140A1175:SSL
> On Apr 19, 2017, at 12:48 PM, Joseph Southwell
> wrote:
>
> Sorry we did do that. It just didn’t look different so I didn’t send it
> (pasted below). I also have asked for help from the server admin but it is a
> non English speaking country and they don’t seem to
Sorry we did do that. It just didn’t look different so I didn’t send it (pasted
below). I also have asked for help from the server admin but it is a non
English speaking country and they don’t seem to be interested in talking to me.
I have another product supposedly using OpenSSL that is
On Tue, Apr 18, 2017 at 05:06:40PM +, Viktor Dukhovni wrote:
> The ClientHello decodes via tshark as:
>
> [...]
> Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)
> Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
> Cipher
Is there a way to enable one or both of those ciphers in OpenSSL?
> On Apr 18, 2017, at 1:28 PM, Jason Schultz wrote:
>
> RSA_With_AES_128_CBC_SHA and RSA_With_3DES_EDE_CBC_SHA
--
openssl-users mailing list
To unsubscribe:
penssl-users <openssl-users-boun...@openssl.org> on behalf of Viktor
Dukhovni <openssl-us...@dukhovni.org>
Sent: Tuesday, April 18, 2017 5:06 PM
To: openssl-users@openssl.org
Subject: Re: [openssl-users] Help with ssl error
On Tue, Apr 18, 2017 at 11:17:48AM -0400, Joseph Southwell wrote:
On Tue, Apr 18, 2017 at 11:17:48AM -0400, Joseph Southwell wrote:
> It doesn’t look like it requested a client certificate to me.
Correct, the server alert was returned immediately in response
to the TLS ClientHello.
> $ openssl s_client -state -msg -connect ftp.echannel.banksys.be:16370
>
It doesn’t look like it requested a client certificate to me.
openssl110e>openssl s_client -state -msg -connect ftp.echannel.banksys.be:16370
-starttls ftp
CONNECTED(0104)
SSL_connect:before SSL initialization
>>> ??? [length 0005]
16 03 01 00 ab
>>> TLS 1.2Handshake [length 00ab],
> On Apr 14, 2017, at 9:48 AM, Joseph Southwell
> wrote:
>
> Version 1.1 openssl
>
> openssl.exe s_client -connect hostname:16370 -starttls ftp
> 877788:error:1409442F:SSL routines:ssl3_read_bytes:tlsv1 alert insufficient
>
Version 1.1 openssl
openssl.exe s_client -connect hostname:16370 -starttls ftp
CONNECTED(0104)
877788:error:1409442F:SSL routines:ssl3_read_bytes:tlsv1 alert insufficient
security:ssl\record\rec_layer_s3.c:1385:SSL alert number 71
The host I am connecting to apparently only supports the
Hello,
Thank to both of you.
Best regards,
--
Francis
Le 17/09/2014 20:38, Dave Thompson a écrit :
From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET
Sent: Wednesday, September 17, 2014 13:35
We use openSSL in OFTP2 implementation. The OFTP2 working group
decided
to strongly
Hello,
We use openSSL in OFTP2 implementation. The OFTP2 working group decided
to strongly recommend to use preferably the cipher suites including PFS
(ephemeral Diffie Hellman).
So in our iplementation (linked against openssl 1.0.1g) I limited the
list of offered ciphers (client) and
On Wed, Sep 17, 2014 at 07:34:44PM +0200, Francis GASCHET wrote:
We use openSSL in OFTP2 implementation. The OFTP2 working group decided to
strongly recommend to use preferably the cipher suites including PFS
(ephemeral Diffie Hellman).
Preferably, does not mean exclusively. You should
From: owner-openssl-us...@openssl.org On Behalf Of Francis GASCHET
Sent: Wednesday, September 17, 2014 13:35
We use openSSL in OFTP2 implementation. The OFTP2 working group
decided
to strongly recommend to use preferably the cipher suites including PFS
(ephemeral Diffie Hellman).
snip
To
Hi
We are using openssl 0.9.8 in our application.
Things are working fine and suddenly we are having .
Linux awtah.dispatchserver1 3.6.11-1.fc16.i686 #1 SMP Mon Dec 17 21:36:23 UTC
2012 i686 i686 i386 GNU/Linux
error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record
On 31-07-2013 11:16, Rajeev Tomar wrote:
Hi
We are using openssl 0.9.8 in our application.
Things are working fine and suddenly we are having .
Linux awtah.dispatchserver1 3.6.11-1.fc16.i686 #1 SMP Mon Dec 17
21:36:23 UTC 2012 i686 i686 i386 GNU/Linux
error:1408F119:SSL
While working on postgres driver in Go, I began getting these errors
in my postgres logs:
SSL error: SSL error code 336151528
I spoke with a postgres team member and they aren't sure exactly where
this is coming from.
A little more research on my side found someone else getting a very
similar
Sent by: owner-openssl-us...@openssl.org
03/27/2012 09:24 AM
Please respond to
openssl-users@openssl.org
To
openssl-users@openssl.org
cc
Subject
SSL error: SSL error code 336151528 (a seemingly rare error/bug?)
While working on postgres driver in Go, I began getting
From: owner-openssl-us...@openssl.org On Behalf Of Mr.Rout
Sent: Wednesday, 18 January, 2012 02:52
snip
root@1143726:/usr/bin# openssl s_client -connect 10.204.4.69:7003
WARNING: can't open config file: /usr/ssl/openssl.cnf
CONNECTED(0003)
depth=0 C = IN, ST = Karnataka, L =
:
X509v3 Basic Constraints:
CA:FALSE
Please let me know what is missing here why i am getting the above error.
Best regards,
S S Rout
--
View this message in context:
http://old.nabble.com/Please-Help-me-out--SSL-ERROR-tp33159464p33159464.html
Sent from the OpenSSL - User
On 05/31/2011 03:02 PM, David Mitchell wrote:
On May 31, 2011, at 2:32 PM, Dave Thompson wrote:
From: owner-openssl-us...@openssl.org On Behalf Of David Mitchell
Sent: Friday, 27 May, 2011 12:35
I'm having some problems with EAP-TLS in FreeRadius 2.1.10. I
have a client
where
From: owner-openssl-us...@openssl.org On Behalf Of David Mitchell
Sent: Friday, 27 May, 2011 12:35
I'm having some problems with EAP-TLS in FreeRadius 2.1.10. I
have a client
where authentication attempts always fail with the relatively generic
error below. I've tried to figure out what it
2011 : Error: TLS Alert read:fatal:bad certificate
Fri May 27 10:17:51 2011 : Error: TLS_accept: failed in SSLv3 read client
certificate A
Fri May 27 10:17:51 2011 : Error: rlm_eap: SSL error error:14094412:SSL
routines:SSL3_READ_BYTES:sslv3 alert bad certificate
Fri May 27 10:17:51 2011
HI,
what would error OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start
line mean ?
Aarno
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
On Tue, Mar 29, 2011 at 10:15:04AM +0200, Aarno Syv?nen wrote:
HI,
what would error OpenSSL: error:0906D06C:PEM routines:PEM_read_bio:no start
line mean ?
A PEM file was expected, but the input was not a PEM file, specifically,
it had no -BEGIN ...- line.
--
Viktor.
Dr. Stephen Henson wrote:
openssl s_client -connect xxx.org:443
and it should say if secure renegotiation is supported in
the output.
Thanks for the tip! I tried, but I am afraid I cannot tell
whether it is the case or not, based on this output. I tried
on google.com:443 as
Hi,
I am using openssl from within neon, itself used from within
Subversion. During an svnsync, I receive the following error
message:
svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL
error: parse tlsext (https://xxx.org)
If I am right, this message comes from openssl
Hi,
I am using openssl from within neon, itself used from within
Subversion. During an svnsync, I receive the following error
message:
svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL
error: parse tlsext (https://xxx.org)
If I am right, this message comes from openssl
On Wed, Apr 07, 2010, Florent Georges wrote:
Hi,
I am using openssl from within neon, itself used from within
Subversion. During an svnsync, I receive the following error
message:
svnsync: PROPFIND of '/svn/xxx': SSL negotiation failed: SSL
error: parse tlsext (https
Dr. Stephen Henson wrote:
Thanks for your fast response!
That looks like it is only part of the actual error code.
That's all I have. I guess either Subversion or Neon truncates
the error message.
I suspect it is because the server doesn't support secure
renegotiation. You can check
On Wed, Apr 07, 2010, Florent Georges wrote:
Dr. Stephen Henson wrote:
Thanks for your fast response!
That looks like it is only part of the actual error code.
That's all I have. I guess either Subversion or Neon truncates
the error message.
I suspect it is because the server
Network Analyst
mjo...@hpsd48.ab.ca
Office 523-2818 ext 182
Mobile 536-6641
Netware, because life is too short to reboot
: TLS 1.0 Alert [length 0002], fatal certificate_unknown
TLS Alert write:fatal:certificate unknown
TLS_accept:error in SSLv3 read client certificate B
rlm_eap: SSL error
Hi, openssl community,
My application calls some library functions, which uses OpenSSL. When my
appliction runs, I believe OpenSSL emitted some messages described below.
1. Sometimes, following Error messages will be emitted:
ERR-05255|8|04:26:25.540503|sslsocket.cpp[581] - SSL Error: Error
My application calls some library functions, which uses
OpenSSL. When my appliction runs, I believe OpenSSL emitted
some messages described below.
Nope. Your application emitted them. OpenSSL detected them and reported
them, you chose to print them out.
Does anyone know what caused those
.
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Weigang Gong
Sent: 25 February 2008 14:55
To: openssl-users@openssl.org
Subject: SSL Error and Info messages
Hi, openssl community,
My application calls some library functions, which uses OpenSSL
Isolating the problem is more or less simple:
openssl s_client -connect www.cia.gov:443
shows the intermittent failures as well, so we can rule out all
applications (curl, wget, ...). Has to be some basic thing.
I tend to observe the failure with s_client not on the first attempt but
on the nth
On Tue, 2007-10-23 at 22:02 -0700, Alex Lam wrote:
That's TLSv1, not SSLv2.
: 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 c..9..8.
0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00
00 .5..
0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .3..2../
Try this..
./openssl s_client -tls1 -connect www.cia.gov:443
On 10/24/07, Lutz Jaenicke [EMAIL PROTECTED] wrote:
Isolating the problem is more or less simple:
openssl s_client -connect www.cia.gov:443
shows the intermittent failures as well, so we can rule out all
applications (curl,
Hey all:
We use curl to retrieve webpages, and recently started receiving an
intermittent (40-60% of the time) error when retrieving a page from the
CIA. About two weeks ago, they switched to running https only, with the
http URLs being forwarded to the https equivalents.
The error we receive
Hello,
We use curl to retrieve webpages, and recently started receiving an
intermittent (40-60% of the time) error when retrieving a page from the
CIA. About two weeks ago, they switched to running https only, with the
http URLs being forwarded to the https equivalents.
The error we receive
Marek Marcola wrote:
I think that this is CIA webserver problem.
You may test this with:
$ openssl s_client -connect www.cia.gov:443 -state -debug -msg [[-ssl3]
[-tls1]]
and in any combination after some successful connection you will get failed
connections.
For example:
$ openssl
That's TLSv1, not SSLv2.
: 01 03 01 00 63 00 00 00 10 00 00 39 00 00 38 00 c..9..8.
0010: 00 35 00 00 88 00 00 87 00 00 84 00 00 16 00 00 .5..
0020: 13 00 00 0a 07 00 c0 00 00 33 00 00 32 00 00 2f .3..2../
0030: 00 00 45 00 00 44 00 00 41 00 00 07 05 00 80 03
Hi
I am trying to verify a certificate with the folowing command line on a windows
32 bit plateform:
C:\OpenSSL\bin openssl verify -CAfile d:\cert.pem d:\cert2.pem
It replies me:
d:\cert2.pem: /C=FR/ST=Cote d Or/L=Saint Apollinaire/O=societe des AUTOROUTES
PARIS RHIN
Hello,
I am trying to verify a certificate with the folowing command line on a
windows 32 bit plateform:
C:\OpenSSL\bin openssl verify -CAfile d:\cert.pem d:\cert2.pem
It replies me:
d:\cert2.pem: /C=FR/ST=Cote d Or/L=Saint Apollinaire/O=societe des AUTOROUTES
PARIS RHIN
Hi all
What functions use to clean up SSl Error Queue in Multithread
Applications ??
Thank You
TD
2007/4/10, Johans Taboada [EMAIL PROTECTED]:
Hi list, I ask for help please.
Still waiting...
DatabaseError: SSL error: cipher or hash unavailable\n
...
OperationalError: SSL error: cipher or hash unavailable\n
...
What does it really mean '''cipher or hash unavailable'''? (SSL Error
server, tracd), it works with
no problems.
But when I use it throught apache2+mod_python, apache shows HTTP 500:
{{{
# error_log, using pyPgSQL
[Thu Apr 05 19:25:43 2007] [error] [client 192.168.2.52]
DatabaseError: SSL error: cipher or hash unavailable\n
[Thu Apr 05 19:25:43 2007] [debug
Timothy Wright
To: openssl-users@openssl.org
Sent: Tuesday, August 22, 2006 1:26
AM
Subject: lighttpd and ssl error
Hi. I am new at this and at my wits end. I keep on getting the
same error when I try and start lighttpd. I have rekeyed my cert 2 times now
so I am fair
= path to ca
Thanks,ViSolveSecurity Consulting
Group
- Original Message -
From:
Timothy Wright
To:
openssl-users@openssl.org
Sent: Tuesday, August 22, 2006 1:26
AM
Subject: lighttpd and ssl error
Hi. I am new at this and at my wits end. I keep on getting the
same
Hello,
Hi. I am new at this and at my wits end. I keep on getting the
same error when I try and start lighttpd. I have rekeyed my
cert 2 times now so I am fairly certain that it is not a
problem there. I have redone the KEY and CSR as well. I do not
The problem is with my x509. What do I do to fix that?On 8/23/06, Marek Marcola [EMAIL PROTECTED]
wrote:Hello, Hi. I am new at this and at my wits end. I keep on getting the
same error when I try and start lighttpd. I have rekeyed my cert 2 times now so I am fairly certain that it is not a
Hello,
The problem is with my x509. What do I do to fix that?
On 8/23/06, Marek Marcola [EMAIL PROTECTED] wrote:
Hello,
Hi. I am new at this and at my wits end. I keep on
getting the
same error when I try and start lighttpd. I
Hi. I am new at this and at my wits end. I keep on getting the same error when I try and start lighttpd. I have rekeyed my cert 2 times now so I am fairly certain that it is not a problem there. I have redone the KEY and CSR as well. I do not know what to do. Please let me know if you have any
This error is indicative that there is no error. You have simplyread the error buffer one more time than you should have. There is absolutely nothing wrong with your application state if you see this reported. In my experience it wont cause any application problems if you check the error queue
You can't reuse a socket for a TCP connection, but you certainly can reuse the same TCP socket for an arbitrary number ofSSL connections as long as you don't compromise the TCP connection while you're doing it. I suspect that is the intention here and from the sounds of things (if all he is
On Wed, Aug 09, 2006, Carlo Agopian wrote:
Hello,
Has anybody seen the following runtime error message before?
error::lib(0):func(0):reason(0)
Yes. It normally means no error has been placed on the queue and the the
application wrongly thinks it has and can print it out..
Title: SSL Error
Hello,
Has anybody seen the following runtime error message before?
error::lib(0):func(0):reason(0)
It seems to be coming from the following openssl function: ERR_error_string(m_sslError, 0). This error occurs in a C++ client application that sends SSL
On Wed, Jun 07, 2006, David Gillingham wrote:
Hello all,
I've been tasked to internally investigate a system that utilizes
STunnel and OpenSSL to create a secure wrapper for a propietary
protocol. Additionally, this solution must eventually be FIPS 140-2
compliant.
608008D:
I was able to convert the key as you instructed, and I overwrote the
old RSA private key from my server.pem file with the new PKCS8 one. I
am now a getting a different error message. From these new messages,
I'm guessing OpenSSL is expecting a file in PKCS12 format, but that my
file does not
On Thu, Jun 08, 2006, David Gillingham wrote:
I was able to convert the key as you instructed, and I overwrote the
old RSA private key from my server.pem file with the new PKCS8 one. I
am now a getting a different error message. From these new messages,
I'm guessing OpenSSL is expecting a
Dr. Henson--
Adding in a call to OpenSSL_add_all_algorithms() fixed the error.
Thanks for the assistance.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List
Hello all,
I've been tasked to internally investigate a system that utilizes
STunnel and OpenSSL to create a secure wrapper for a propietary
protocol. Additionally, this solution must eventually be FIPS 140-2
compliant.
So, using instructions outlined in the OpenSSL FIPS Security Policy
and on
Your client is trying to use SSLv2, or SSLv3, and the server is
configured to not allow that protocol. (Or, the server isn't
configured to use any protocol.)
I don't know the specifics of how to configure what you're doing, but
I do know that there are environment variables available to
On 1/31/06, Jason Williard [EMAIL PROTECTED] wrote:
I considered this as a possibility. The part that doesn't make sense is
that I was under the belief that OpenSSL v0.9.7i supports both SSLv2
SSLv3. Is this correct?
It does, yes, but by default there's no ciphers or protocol versions
I just installed CVSNT 2.5.03.2151 on a Red Hat Enterprise 4 server. OpenSSL
was previously installed with prefix /usr. When I attempt to connect using
TortoiseCVS, I get the following error:
SSL connection failed (-1): error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number cvs.exe
Your client is trying to use SSLv2, or SSLv3, and the server is
configured to not allow that protocol. (Or, the server isn't
configured to use any protocol.)
I don't know the specifics of how to configure what you're doing, but
I do know that there are environment variables available to specify
the server terminated abnormally
before or while processing the request.
And the server log says:
[24129] LOG: SSL error: decryption failed or bad record mac
[24129] LOG: pq_recvbuf: recv() failed: Connection reset by peer
There is no problem when not using SSL. The Samba code doesn't have any
)
---
+OK [EMAIL PROTECTED] (mtiwpxc03) Maillennium POP3/PROXY
server
#2
and after that I can enter POP3 commands.
- Original Message -
From: Dr. Stephen Henson [EMAIL PROTECTED]
To: openssl-users@openssl.org
Sent: Saturday, January 22, 2005 2:19 PM
Subject: Re: SSL error: no cipher list
On Mon, Jan 24, 2005, Yuriy Synov wrote:
See if you can connect to the server using the s_client test program. For
example:
openssl s_client -conntect hostname:995
(use whatever port it uses for POP4+SSL, 995 is standard).
Output from 'openssl s_client' follows:
[EMAIL
Subject: RE: SSL error: no cipher list
On my first SSL implementation, I struggled with this specific error. The
Diffie-Hellman parameters for key exchange must be initialized, and if I
remember correctly they weren't in my case.
You must set up a callback to your code where it initializes DH
On Mon, Jan 24, 2005, Yuriy Synov wrote:
In fact I'm not using OpenSSL library directly. I use an open source library
Indy which in turn makes use of OpenSSL. I discovered that POP3 servers that
use DES-CBC3-SHA work correctly with my program, and the server that fails
uses RC4-SHA. I got
EMC Corporation
228 South St.
Hopkinton MA 01748
phone: 508-249-1257
fax 508-497-8030
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Henry Su
Sent: Friday, January 21, 2005 3:11 PM
To: openssl-users@openssl.org
Subject: RE: SSL error: no cipher list
, January 21, 2005 10:10 PM
Subject: RE: SSL error: no cipher list
No sure if you have set it or not. If not, you can try following example:
#define CIPHER_LIST ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
SSL_CTX_set_cipher_list(ctx, CIPHER_LIST) ;
-Original Message-
From: [EMAIL PROTECTED
On Sat, Jan 22, 2005, Yuriy Synov wrote:
No sure if you have set it or not. If not, you can try following example:
#define CIPHER_LIST ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
SSL_CTX_set_cipher_list(ctx, CIPHER_LIST) ;
I tried to set that cipher list, and now I get the following error:
Dear All,
I get this error with one POP3 server when I call function SSL_connect:
error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list
Could someone tell me what it means and how I can get rid of it? TIA
Best regards,
Yuriy Synov.
, 2005 6:15 AM
To: openssl
Subject: SSL error: no cipher list
Dear All,
I get this error with one POP3 server when I call function SSL_connect:
error:1406D0B8:SSL routines:GET_SERVER_HELLO:no cipher list
Could someone tell me what it means and how I can get rid of it? TIA
Best regards,
Yuriy
Hello All,
I am getting an error in my Apache log:
Mod_ossl: Unable to establish SSL protocol (server name)
Mod_ossl: SSL call to NZ function nzos_Handshake failed with
error 28864
Any idea why this is happening?
Thanks
_
Michael
A.Castillo
I'm trying to get two vhosts on separate public IPs using separate secure
certificates working on an apache server (mods and version in log below).
The operating system is Mandrake 10. The sites work perfectly without the
secure certificates as IP based vhosts.
I've been playing with the
Title: SSL Error SSL3_GET_MESSAGE
I have an error in the SSL logs that I don't know how to fix. From the research I've done this is caused by a cert larger than 1024 bits.
Upgrade is not an option at this time because of the application
My configuration is
NT 4.0
Oracle 9ias
I'm running an OpenSSL-enabled application (nessus) that fails with
the following error message:
SSL_CTX_load_verify_locations[737]: error:06065064:digital envelope
routines:EVP_DecryptFinal:bad decrypt
How can I determine the reason for this failure?
Thanks!
KJ
On Wed, Dec 04, 2002 at 01:56:12PM -0500, Will Day wrote:
I tried to verify my cert using:
error 20 at 0 depth lookup:unable to get local issuer certificate
What does error 20 mean? The cert works when using https, imaps, pop3s,
etc.
unable to get local issuer certificate means that the
maillog are:
imapd[3166]: Unable to accept SSL connection, host=[209.128.117.3]
prospero imapd[3166]: SSL error status: error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac
I captured the packets for both a successful session (OK) and
our troublesome Eudora sessions
MAC OS X SSL error!I am about to start using OpenSSL for MacOS 9 10
development. I will let you know how it goes for me. My only other option
would be to use Mozilla's NSS, but that sounds like a real pain in the butt
to compile on the Mac
- Original Message -
From: Brendon Co
Hello,
I am using openssl 0.9.6 to SSL-secure an HTTP-server.
I have noticed that when I connect using IE 5.0, I get this error message:
SSL error: 5 : error:0005::lib(0) :func(0) :bad asn1 object header
This does not have any visible effect on the browser (ie. the pages load
fine
1 - 100 of 114 matches
Mail list logo