
ssl_error_handshake_failure_alert hints?


Work, Aug 31, 2010, 3:32:48 PM

Hi everyone --

 

I'm an OpenSSL noob trying to debug some code written by someone that's smarter than me. It's basically a small HTTPS server using self-signed certs. It works fine with IE and Google Chrome, but not Firefox. Even after adding a security exception for Firefox, I still get the dreaded ssl_error_handshake_failure_alert

I'm using OpenSSL 1.0.0a and also tried 0.9.8l

Firefox (3.6) can successfully connect to: openssl s_server -cert mycert.pem -www (tested with 1.0.0a) and shows all the ciphers, etc.

After MUCH reading and Googling, it seems like the below is important (and as far as I know, correct):

 

SSL_CTX_new(SSLv23_method())
SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE)
SSL_CTX_set_cipher_list(ctx, "ALL:!eNULL:!aNULL:@STRENGTH")
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, ...

 

I ran some tests using openssl s_client -CAfile cacert.pem -connect localhost:443

 

My app with 0.9.8l, openssl 0.9.8l fails with:

verify return:1
6436:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\ssl\s3_pkt.c:1061:SSL alert number 40
6436:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\ssl\s23_lib.c:188:

If I use -ssl2, it appears to succeed without the SSL errors above. Using -ssl3 fails like above.

My app with 1.0.0a, openssl 1.0.0a also fails (it does show certificate info, but the information about the session shows New (NONE), Cipher is (NONE), etc).

Given the errors above, can anyone point me towards some docs, or APIs, or ??? that can help me troubleshoot and fix the reason that Firefox and OpenSSL -s_client can't connect to my HTTPS server?

 

Thanks a lot

 

Doug
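
Added example (not part of the post above and not OpenSSL project code): the hex field in the two s_client error lines is a packed code that OpenSSL 0.9.8/1.0.x splits into library, function and reason, and an SSL-library reason of 1000 or more is a TLS alert received from the peer. The struct and function names are made up for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LIB_SSL 20               /* ERR_LIB_SSL */
#define ALERT_REASON_OFFSET 1000 /* SSL_AD_REASON_OFFSET in ssl.h */

/* Hypothetical helper type: one decoded OpenSSL error-queue line. */
struct ossl_err {
    unsigned long code;
    int lib, func, reason;
    int alert; /* alert number received from the peer, or -1 */
};

/* Parse "pid:error:HEXCODE:lib name:func name:reason text:file:line:data".
 * Layout for 0.9.8/1.0.x: 8 bits library, 12 bits function, 12 bits reason.
 * Returns 0 on success, -1 if the line is not an error-queue line. */
int parse_err_line(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, ":error:");
    char *end;

    if (p == NULL)
        return -1;
    p += strlen(":error:");
    out->code = strtoul(p, &end, 16);
    if (end == p || *end != ':')
        return -1;
    out->lib = (int)((out->code >> 24) & 0xff);
    out->func = (int)((out->code >> 12) & 0xfff);
    out->reason = (int)(out->code & 0xfff);
    out->alert = (out->lib == LIB_SSL && out->reason >= ALERT_REASON_OFFSET)
                     ? out->reason - ALERT_REASON_OFFSET : -1;
    return 0;
}

int main(void)
{
    /* The two error lines from the post, with the terminal wrap undone. */
    const char *lines[] = {
        "6436:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:.\\ssl\\s3_pkt.c:1061:SSL alert number 40",
        "6436:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:.\\ssl\\s23_lib.c:188:",
    };
    struct ossl_err e;
    for (int i = 0; i < 2; i++)
        if (parse_err_line(lines[i], &e) == 0)
            printf("lib=%d func=%d reason=%d alert=%d\n", e.lib, e.func, e.reason, e.alert);
    return 0;
}
```

The first line decodes to alert 40 (handshake_failure), meaning the server sent the alert to s_client; the second carries no alert number, so it is an error raised locally on the client side.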

 
