Hi,
I'm developping an application which use an ssl tunnel to send some datas.
Everything is ok, while my certificate and associated private key are stored
locally on my hard drive.
But i don't understand how to use use a smartcard for ssl handshake.
i'm using opensc engine_pkcs11 to communicate
Selon Marek Marcola [EMAIL PROTECTED]:
Thank you very much for the response ..
Hello,
I try to connect a client to an SSL server in SSL 3.0 mode.
I do not achieve to have the SSL connexion.
When I look at the IP streams, I can see the Hello client message and the
handshake phase during
Hello,
I try to connect a client to an SSL server in SSL 3.0 mode.
I do not achieve to have the SSL connexion.
When I look at the IP streams, I can see the Hello client message and the
handshake phase during which I see the certificate sent by the server to the
client ( during this phase, I
I have a basic question here:
Is it mandatory to have the server configured with ciphers/certificates
for SSL handshake?
Thanks / Sukant
Alex Lam wrote:
Hi Alessandro,
You will need to set up a handful of cipher certificate related
settings before server and client will join.
I suggest
Sukanta Panigrahi wrote:
I have a basic question here:
Is it mandatory to have the server configured with ciphers/certificates
for SSL handshake?
Thanks / Sukant
well, ciphers - yes. If you don't do it, openssl gives you a default
cipher list.
certificates - not all the time. If you're
I'm trying to make a client/server application with ssl connection but
the handshake doesn't work.
Reading the manual page I've tried to do this to make ssl connection:
Server layer:
SSL_CTX *ssl = NULL;
SSL *new = NULL;
socketdescriptor = socketcreation();
bind(...);
listen(...);
Unless someone recognizes the text, it might be helpful if you tell a
little more about the server and client side.
frans.
On Wed, 2007-10-10 at 00:09 +0200, Alessandro Baggi wrote:
I'm trying to make a client/server application with ssl connection but
the handshake doesn't work.
Reading
Hi Alessandro,
You will need to set up a handful of cipher certificate related settings
before server and client will join.
I suggest you take a look at the apps/s_server.c and apps/s_client.c
regards,
alex
On 10/9/07, Alessandro Baggi [EMAIL PROTECTED] wrote:
I'm trying to make a
Hi,
Can you recommend any book about secure connections, ssl, handshake and the
things alike? Would be nice if it has some reference to openssl, but it is
not absolutely necessary.
I would be grateful for any suggestions.
Thanks,
Koza
--
View this message in context:
http://www.nabble.com
Hello,
I have this one: http://www.opensslbook.com/
It's quite good, with a lot of programming examples etc...
Joeri
On 9/10/07, Koza [EMAIL PROTECTED] wrote:
Hi,
Can you recommend any book about secure connections, ssl, handshake and the
things alike? Would be nice if it has some
secure connections, ssl, handshake and
the
things alike? Would be nice if it has some reference to openssl, but it is
not absolutely necessary.
I would be grateful for any suggestions.
Thanks,
Koza
--
View this message in context:
http://www.nabble.com/books-about-ssl-handshake--tf4417791
[EMAIL PROTECTED] wrote:
You have two good books:
Eric Rescorla, SSL and TLS, Designing and Building Secure Systems, Addison
Wesley, 2001.
This one explains the things the OP asked explicitly for.
John Viega, Matt Messier, Pravir Chandra
Network Security with OpenSSL Cryptography for
wishes to see that.
- mrahin
--
View this message in context:
http://www.nabble.com/very-slow-ssl-handshake-tf4353602.html#a12405288
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project
.
com.vitria.connectors.http.HttpTargetConnector.getSSLSocket(HttpTargetConnector.java:575)
--- The linked exception is ---
java.net.SocketException: Xport: SSL handshake failed: error:14090086:SSL
routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
com.vitria.roi.javanative.VTSocketImpl.connect(VTSocketImpl.java:118
If you wouldn't mind moving over to not-yet-common-ssl mailing list
(SSL and Java) I might be able to help you over there:
http://lists.juliusdavies.ca/listinfo.cgi/not-yet-commons-ssl-juliusdavies.ca/
To me it looks like you are missing a client certificate.
Try using java -jar
Hello,
Thank you very much this works fine but how do I get the information if
diffie hellman (DH) is used to negotiate the key?
I wanted to compare the differnce in cpu consumption and time delay if
session reuse is used or not! (Keyexchange with Diffie Hellman)
Therefore I set:
Hello
Everybody!
I got my server and
client running. I want to do some testing and need some information about the
ssl handshake... whitch mechanism is used and if diffie-hellman is used what
size of the primary secret is used?
I was able to get
information about the cipher
Hello,
Hello Everybody!
I got my server and client running. I want to do some testing and need
some information about the ssl handshake... whitch mechanism is used
and if diffie-hellman is used what size of the primary secret is used?
I was able to get information about the cipher
An: openssl-users@openssl.org
Betreff: Re: Get Information about SSL Handshake
Hello,
Hello Everybody!
I got my server and client running. I want to do some testing and need
some information about the ssl handshake... whitch mechanism is used
and if diffie-hellman is used what size
On Fri, Jan 13, 2006, Krishna M Singh wrote:
I remember the SSL stack of Netscape and Firefox are OpenSSL variants.
Does this mean the same has been fixed in their stacks or is it
handled by the application itself?.
Then you remember incorrectly. Netscape and Firefox use NSS which is not
this problem and required use to do
refresh. Firefox discovers this on runtime and retries connection with
SSL 3.0 (when SSL handshake with SSL3.1 fails with harryandavid site).
I remember the SSL stack of Netscape and Firefox are OpenSSL variants.
Does this mean the same has been fixed in their stacks
On Tue, Jan 10, 2006, Krishna M Singh wrote:
Also when we use SSLv2 only this works fine.. Only with SSLv23 the
handshake fails. Any ideas or pointers how to proceed further wud be of
great help..
Seems it doesn't support TLS and messes up SSLv3 when the client indicates it
supports TLS.
Currently, it is not. OpenSSL uses engine only either for generating
random numbers or for implementing algorithms. Pl refer
http://www.openssl.org/docs/crypto/engine.html
JB
On 8/5/05, Eduri, Eswar M [EMAIL PROTECTED] wrote:
Hello,
Is it possible for an 'engine' to detect when an SSL
Title: Detect SSL handshake completion
Hello,
Is it possible for an engine to detect when an SSL handshake has started or completed? Appreciate your help.
regards,
Eswar Eduri
On Sun, Apr 17, 2005 at 10:53:50PM, Asif Iqbal wrote:
Hi All
I installed Apache/1.3.33 (Unix) mod_perl/1.29 mod_ssl/2.8.22
OpenSSL/0.9.7d on Solaris
Upgrade OpenSSL to latest to fix the problem. Thanks
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
..there are two kinds of
have been transferred
The Apache error log says:
[Sun Apr 17 22:35:21 2005] [error] mod_ssl: SSL handshake failed (server
my.website.com:443, client 192.168.0.15) (OpenSSL library error follows)
[Sun Apr 17 22:35:21 2005] [error] OpenSSL: error:1409D08A:SSL
Hello. I've sent my question to the wrong group previously.
I'm a beginner of using the ssl library. I got a problem about handshaking.
I need to do an application to read all the incoming and outgoing
traffic, including the handshaking of ssl.
I would like to know where and which functions are
Greetings,
I am interested in a rough quick experiment with the SSL handshake
process. My idea is to custom create the handshake layer in SSL with my
own version of SSL handshake, keeping everything else intact in the SSL
protocol. I am wondering if I can use some library/command line
Hi,
I am trying to establish a successful handshake with a SSL server. I am
using openSSL version 0.9.7d and my compiler MS Visual Studio.NET and OS
is WIN 2K, Server
I do not see any methods that let me do it. Can someone please tell me
how to establish a successful SSL handshake.
Thanks
Check 'Network Security with OpenSSL' by John Veiga, Matt Messier and Pravir
Chandra
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Madhuri Rambhatla
Sent: Friday, June 18, 2004 10:14 AM
To: [EMAIL PROTECTED]
Subject: SSL Handshake
Hi,
I am trying
Hello everybody,
I am very interested if despite its specification the ssl handshake can be
reduced to one message send from the client to the server and one from the
server to the client (saying just one message loop).
I am thinking of skipping the protocol/cypto negotiation phase by setting
if the quit their
browser and try again. They are running a patched ie6 on windows
2000. We only have this problem with this one client's site.
Here is the error from my log file:
[Tue Dec 30 08:19:10 2003] [error] mod_ssl: SSL handshake timed out
(client X.X.X.X, server www.partnersmith.com:443
Sriram R [EMAIL PROTECTED] writes:
Is it possible to print the ssl handshake and keys exchanged
on the openssl side?..If so how?
I recommend using ssldump URL: http://www.rtfm.com/ssldump/ .
--
Jostein Tveit ([EMAIL PROTECTED
hi all,
Is it possible to print the ssl handshake and keys exchanged on the openssl side?..If so how?
thanks,
-Sriram
Do you Yahoo!?
Protect your identity with Yahoo! Mail AddressGuard
Hi. Customer using Apache HTTP on AS/400 V5R2. Getting loads of error
logs with the above error. What is causing this problem. Not too au faut
with Apache. What can we do to get a clearer picture on what is causing
this problem. Any assistance would be greatly appreciated!!
Thanks a ton.
Title: Openssl-0.9.7c changes cause SSL handshake failure
Hi all,
I need some help in figuring out how to solve a SSL handshake failure that started after upgrading (from 0.9.7b) to 0.9.7c. Here are the symptoms:
SSL_connect breaks with SSL_R_MISSING_EXPORT_TMP_RSA_KEY. This happens
Hi,
I am using openssl-0.9.5. The openSSL API is used within the Kannel open
source C http library.Platform: Windows NT. The following error is occuring
quite often when https requests are made to my secure server:
2003-08-06 09:58:39 [3] WARNING: SSL: handshake interrupted by system (stop
Hi girish,
As I said I am no wizard in ssl internals :-(
however what do you mean in negative flow ? do you refer ssl handshake
failure ?
I am now trying using the libwww-perl with the SSLeay for client
authentication against an apache server running mod_ssl (something like the
s_server util
On Mon, Aug 11, 2003 at 02:51:44PM +, Girish Hegde wrote:
But by using those APIs i cannot do the testing for negtive flow, i started
writing a TCP/IP server(non SSL) and tried to send the messages( like
ServerHello, ServerHelloDone etc) mannually.
I created the structures as defined in
[EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: '[EMAIL PROTECTED]'
[EMAIL PROTECTED],[EMAIL PROTECTED]
Subject: RE: Configuring SSL Handshake
Date: Mon, 11 Aug 2003 13:24:33 +0200
Hi Girish,
I do not now if you can change / configure the SSL Handshake message and
there is probably no need to do so
Hi there,
I am very new to SSL. I am testing a client application which is built over
OpenSSL. I would like to write a PERL application to test the same. Is there
any way to test the SSL Handshake stuffs?
With an SSL echo server i am able to check only the Positive flow of the
application
If your sockets are all in non-blocking mode, you will
need to do a select() on the socket (for writing)
after the call to connect() to confirm that the
connection has completed. The SSL_connect() call
should then return the need_write/need_read. If it
doesn't, then I would try looping even if
171.64.70.217)
[27/Mar/2002 14:51:23 29952] [info] Seeding PRNG with 1160 bytes of
entropy
[27/Mar/2002 14:52:15 29952] [error] SSL handshake timed out (client x,
server x:y)
Using Server: Apache/1.3.14, Interface: mod_ssl/2.7.1, Library:
OpenSSL/0.9.6 on Solaris 2.6.
Gary
--
It has yet to be proven
I am having problems with an SSL handshake between per5 on solaris8 and
weblogic5.1 on solaris 7.
i ran ssldump and this is what i got...
1 1 0.0500 (0.0500) CS Handshake
ClientHello
Version 3.0
cipher suites
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
Is anyone aware of SSL handshake problems with using the latest OpenSSL
package with BEA Weblogic 5.1?
If so, please elaborate... If not, any clues as to what things to look for
in handshake problems would be greatly appreciated.
Thanks
[mailto:[EMAIL PROTECTED]]
Sent: 04 October 2001 15:40
To: [EMAIL PROTECTED]
Subject: SSL Handshake Failure !
Importance: High
Dear all,
Sorry for posting the following again, but I am in a bit hurry.
I'm running an Apache server (1.3.19) with openssl 0.9.6b on
Solaris 2.6
Andy Schneider wrote:
Does anyone have any canned code I could steal that does IP address
validation. I.e. grabs the IP address from the alt subject name and
compares it against the IP of the incoming socket?
No I don't. But in outline you need to extract and decode the subject
alt name
Anybody can explain me these SSL3_MT_* state?
Thanks.
-Zhong
-Original Message-
From: Zhong Chen
Sent: Wednesday, July 11, 2001 11:13 AM
To: [EMAIL PROTECTED]
Subject: ssl handshake state
In the ssl state machine, there are additional state with prefix _MT_.
Is this for multi-thread
In the ssl state machine, there are additional state with prefix _MT_.
Is this for multi-thread? In which case the state machine will go to
these states? Is there a API to control it?
Thanks.
Zhong
#define SSL3_MT_HELLO_REQUEST 0
#define SSL3_MT_CLIENT_HELLO
: Monday, April 23, 2001 7:07 PM
Subject: Re: tracing SSL handshake?
On Mon, Apr 23, 2001 at 04:45:13PM -0400, George Lind wrote:
-Original Message-
From: George Lind
Sent: Monday, April 23, 2001 2:23 PM
To: '[EMAIL PROTECTED]'
Subject: tracing SSL handshake?
I would
Greetings
A few weeks ago I began to look at
possibilities into implementing
SSL into a webserver I work with. I began by looking
at numerous examples
(as well as ordering the SSL/TLS book I have heard so much
about, but it
still has not arrived), and after
a lot of playing around I am
14800]
[trace] OpenSSL: Exit: error in SSLv3 read client certificate B[23/jan/2001
17:22:52 14800] [error] SSL handshake failed (server cerbereweb.anpe.fr:843,
client 10.0.144.161) (OpenSSL library error follows)[23/jan/2001 17:22:52
14800] [error] OpenSSL: error:140890B2:SSL
the client certificates of the Netscape Certificate
Server in the directory conf/ssl.crt ?
Regards,
Ravi APPANAH
- Original Message -
From: "Owen Boyle" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, January 26, 2001 10:40 AM
Subject: Re: URGENT : SSL Handshake failed
dr
): unable to get local issuer
certificate[Tue Jan 23 13:21:14 2001] [error] mod_ssl: SSL handshake failed
(server cerbereweb.anpe.fr:843, client 10.0.144.161) (OpenSSL library error
follows)[Tue Jan 23 13:21:14 2001] [error] OpenSSL: error:140890B2:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:no
, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
-Original Message-
From: drt rappanah [mailto:[EMAIL PROTECTED]]
Sent: 25 January 2001 14:07
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: URGENT : SSL Handshake failed
Importance: High
Hi
Hi,
The problem happens most obviously when connecting large numbers
of sockets at once, and it happens on the accepting (server) side.
In the example where I have a test client application opening 500
sockets at maximum speed to a test server, almost every single
connection will get set up
55] [error] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[02/Oct/2000 07:55:11 00655] [error] System: Connection reset by peer
(errno: 104)
/log_snippet
There is no discernable pattern to this. Sometimes it happens, sometimes it
doesn't. There
al Message -
From: "Tim Tassonis" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, September 22, 2000 9:17 AM
Subject: bad mac decode in ssl handshake
Hi
When I try to contact the following SSL site with s_client, I cannot
connect:
www.genowebpayment.de:443
I have
From: Tim Tassonis [EMAIL PROTECTED]
timtas What I found out as well:
timtas
timtas - openssl s_client -ssl2 works
timtas - openssl s_client -ssl3 works
timtas
timtas So, only when I specify no protocol, the error occurs. What could that
timtas mean?
That the server doesn't like TLS1 too
Tim Tassonis wrote:
www.genowebpayment.de:443
I haven't got an idea what web server they're using, but I can connect
successfully with Netscape Communicator 4.75 under Linux for instance.
You can find out what server a SSL-enabled web site is running at Netcraft:
Greetings!
Forgive the question, but what are these?
[16/Mar/2000 10:43:59 00208] [info] Spurious SSL handshake
interrupt[Hint: Usua
lly just one of those OpenSSL confusions!?]
[16/Mar/2000 10:44:19 00403] [info] Connection to child 5 established
(server d
b2.rack01.techfuel.com:443, client
no problems at all)
Apache error:
[error] mod_ssl: SSL handshake failed (server myserver.net:443,
client 195.38.232.12) (OpenSSL library error follows)
[error] OpenSSL: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure
This is on Apache 1.3.11 AND 1.3.12
with openssl
Hi,
I'm trying to connect to a site with a self signed certificate. And I
get the below error message. I am able to correctly connect to other
secured sites...
Thanks in advance for the help.
8 /home/pziatek openssl s_client -connect security.corp.sgi.com:443
-state
Hallo,
In OpenSSL 0.9.3a I get the folowing handshake error:
(WindowsNT)
Logging from my program
SSL_connct: 11 to Host before/connect initialization
SSL_connct: 11 to Host SSLv3 write client hello A
SSL_read : 11 to Host SSL3 alert fatal:handshake failure
/Logging from my program
On Thu, Sep 23, 1999 at 03:17:32PM +0200, Goetz Babin-Ebell wrote:
In OpenSSL 0.9.3a I get the folowing handshake error:
(WindowsNT)
Logging from my program
SSL_connct: 11 to Host before/connect initialization
SSL_connct: 11 to Host SSLv3 write client hello A
SSL_read : 11 to Host SSL3
One Strange thing though is that when I ran openssl for the first time I got
something saying "Unable to get random, try to use option -rand". But after
I used "make test" this behavour vanished ??? But it is stil very slow
generating the private keys
/Patrick
Patrick Harlin schrieb:
One Strange thing though is that when I ran openssl for the first time I got
something saying "Unable to get random, try to use option -rand". But after
I used "make test" this behavour vanished ???
Thsi is normal behaviour. OpenSSL creates a randseed file
in which
Harlin [EMAIL PROTECTED]
Sent: Sunday, July 11, 1999 3:14 AM
Subject: Re: Slow Generation of RSA private keys and SSL handshake on
HP-UX
9000/xxx...
"Patrick Harlin" [EMAIL PROTECTED]:
I have tested on all the platforms several times, and I could still
see that one of the mac
"Patrick Harlin" [EMAIL PROTECTED]:
I have tested on all the platforms several times, and I could still
see that one of the machines have problem with slow generation of
private keys. It seems like Test2 machine always is 3 minutes slower
then all other HP installations ??? One other odd
Hi again!
I have tested on all the platforms several times,
and I could still see that one of the machines have problem with slow generation
of private keys. It seems like Test2 machine always is 3 minutes slower then all
other HP installations ??? One other odd thing is that this machine
Ulf,
I removed the cpp file and everything finally compiled without errors.
Thanks for your continued assistance on this!
Unfortunately, I'm still not able to connect and am still at a loss
as to why. When I run s_client I receive the following:
CONNECTED(0003)
31019:error:140790E3:SSL
I am having these problem about the SSL handshake, the stronghold server
return the error code 0x28 (hanshake-failure) after my SSL client program send
the Client_key_exchange (0x16,0x03,0x00,..), Cipher_change_spec
(0x14,0x03,0x00,) and client-hanshake_finished(0x16,0x03,0x00
101 - 172 of 172 matches
Mail list logo