Fellow ssl users,

I am using SSLeay 0.9.0 on Linux-elf and there seems to be a problem with s_server (or is it really IE4.0 and IE4.01). I execute the s_server program as follows:

    #s_server -accept 4010 -Verify 0 -debug -state -cert mycert.pem -CAfile myCAcert.pem

For a simple test a Netscape 4.0 browser is used to point to the URL of the s_server. The browser then prompts the user to select the appropriate client cert to use. While the user is selecting the client cert the server waits. The last few lines of the s_server output are:

    // ---snip -- //
    SSL_accept:SSLv3 write certificate request A
    write to 080DAA00 [080DEC00] (9 bytes => 9 (0x9))
    0000 - 16 03 00 00 04 0e ......
    0009 - <SPACES/NULS>
    SSL_accept:SSLv3 write server done A
    SSL_accept:SSLv3 flush data

When the user finally selects the client cert the session handshake completes successfully.

When I do the same thing using an IE 4.0 or IE 4.01 browser, and the user is presented with a list box containing the appropriate client certificates to use, s_server drops the SSL session with the following output:

    // ---snip -- //
    SSL_accept:SSLv3 write certificate request A
    write to 080DAA00 [080DEC00] (9 bytes => 9 (0x9))
    0000 - 16 03 00 00 04 0e ......
    0009 - <SPACES/NULS>
    SSL_accept:SSLv3 write server done A
    SSL_accept:SSLv3 flush data
    read from 080DAA00 [080F0000] (5 bytes => 0 (0x0))
    SSL_accept:failed in SSLv3 read client certificate A
    ERROR
    shutting down SSL
    CONNECTION CLOSED
    ACCEPT

If the user then selects a client cert the browser will establish a new SSL session and complete the handshaking successfully.

Why does s_server drop the SSL session? Is IE4.0 sending a NULL packet that is not understood by the handshake function? If so do you have any idea why? Are there any special options/functions that need to be used/called for the handshake with IE4.0 that are not present in s_server?

My main problem is that I have a Java application that will be connecting to an SSL server, unlike the above example which is simply a URL entered into the address edit control of the browser. When our Java applet connects through IE4.0 and s_server drops the session at the time when the user is meant to select an appropriate client cert (as described before), the Java applet send function returns immediately with an error state.

Any help is very very much appreciated.

Thanks in advance,
Endre Papajcsik
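
An added example, not part of the original post and not SSLeay code: a small Python parser for the `-debug` lines quoted in the post, which decodes the SSLv3 record header from the hex dump and flags any read that returned 0 bytes. A 0-byte result on a socket read is end of stream, meaning the peer closed its side of the connection; the function names are hypothetical and the sample is copied from the IE 4.0 trace.

```python
import re

# Record content types and handshake message types from the SSL 3.0 specification.
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done",
             15: "certificate_verify", 16: "client_key_exchange", 20: "finished"}

IO_LINE = re.compile(r"^(read from|write to) \S+ \[\S+\] \((\d+) bytes => (-?\d+) ")
DUMP_LINE = re.compile(r"^[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -])+)")

def decode_record(data):
    """Decode the 5-byte record header and, for handshake records, the message type."""
    if len(data) < 5:
        return None
    rec = {"type": CONTENT.get(data[0], hex(data[0])),
           "version": (data[1], data[2]),
           "length": int.from_bytes(data[3:5], "big")}
    if data[0] == 22 and len(data) > 5:
        rec["handshake"] = HANDSHAKE.get(data[5], hex(data[5]))
    return rec

def analyze(debug_text):
    """Return events in order: ('record', dict) per dump, ('eof', n) per zero-byte read."""
    events = []
    for line in debug_text.splitlines():
        line = line.strip()
        io = IO_LINE.match(line)
        if io and io.group(1) == "read from" and int(io.group(3)) == 0:
            # The socket read returned 0 of the requested bytes: end of stream.
            events.append(("eof", int(io.group(2))))
        dump = DUMP_LINE.match(line)
        if dump and line.startswith("0000"):
            rec = decode_record(bytes.fromhex(dump.group(1).replace("-", " ")))
            if rec:
                events.append(("record", rec))
    return events

# Sample copied from the IE 4.0 trace in the post above.
SAMPLE = """\
SSL_accept:SSLv3 write certificate request A
write to 080DAA00 [080DEC00] (9 bytes => 9 (0x9))
0000 - 16 03 00 00 04 0e ......
0009 - <SPACES/NULS>
SSL_accept:SSLv3 write server done A
SSL_accept:SSLv3 flush data
read from 080DAA00 [080F0000] (5 bytes => 0 (0x0))
SSL_accept:failed in SSLv3 read client certificate A
"""
```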
