Despite printing "no peer certificate available" below, the PostgreSQL
server serves three certificates (two intermediates and a leaf) as
picked up by ssldump.

In this case it is the client side that is triggering the handshake
failure, not the server. The client side refuses to add the cause of the
handshake failure to the error message, which is definitely a bug.

postgres@sql02:~$ openssl s_client -verify 10 -CAfile .postgresql/root.crt -key .postgresql/postgresql.key -cert .postgresql/postgresql.crt -connect sql01:5432 -servername sql01
verify depth is 10
CONNECTED(00000003)
139930468939416:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 379 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1510188432
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

https://bugs.launchpad.net/bugs/1612711

Title:
  TLS negation fails

Status in openssl package in Ubuntu:
  Confirmed

Bug description:
  This seems like a duplicate of #965371, however that is marked fixed,
  so I don't know.

  I'm running 16.04.1.  I'm setting up OpenLDAP with TLS.  I've followed
  the instructions at
  https://help.ubuntu.com/lts/serverguide/openldap-server.html#openldap-tls,
  and test with the command
  openssl s_client -connect my.server.com:389 -showcerts
  and I get the error:

  140668035487384:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177
