
s_server and s_client


Daniel Leddy

Mar 16, 2001, 4:01:24 PM
Thanks for that Greg, but I've already tried it with the file in the directory.

When I try running openssl s_server -nocert
and connecting a client to it this is what I get:

1.
C:\SSL>openssl s_server -nocert
Loading 'screen' into random state - done
Using default temp DH parameters
ACCEPT

2.
C:\SSL>openssl s_client
Loading 'screen' into random state - done
CONNECTED(00000084)
4294831691:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:./ssl/s23_clnt.c:453:

3. Back on the server side
bad gethostbyaddr
ERROR
4294688291:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:./ssl/s3_srvr.c:769:
shutting down SSL
CONNECTION CLOSED
ACCEPT


I also tried the same for the client with the debug on and this is what I get:

C:\SSL>openssl s_client -debug
Loading 'screen' into random state - done
CONNECTED(00000084)
write to 004F137C [004F14EC] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05 .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00 ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00 .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14 `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................
0060 - 00 80 0f 3d a3 5c ae 69-8a 3f dd f2 34 f3 d6 ff ...=.\.i.?..4...
0070 - 21 2a f4 14 b8 91 c5 14-96 d8 57 ef b8 2f 1d ae !*........W../..
0080 - 53 d7 S.
read from 004F137C [004F6A48] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28 ......(
4294724607:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:./ssl/s23_clnt.c:453:

Thanks again and any suggestions would be great.
Daniel

______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Lutz Jaenicke

Mar 16, 2001, 7:33:28 PM
On Fri, Mar 16, 2001 at 08:22:13PM +0000, Daniel Leddy wrote:
> When I try running openssl s_server -nocert
> and connecting a client to it this is what I get:
>
> 1.
> C:\SSL>openssl s_server -nocert
> Loading 'screen' into random state - done
> Using default temp DH parameters
> ACCEPT
>
> 2.
> C:\SSL>openssl s_client
> Loading 'screen' into random state - done
> CONNECTED(00000084)
> 4294831691:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:./ssl/s23_clnt.c:453:
>
> 3. Back on the server side
> bad gethostbyaddr
> ERROR
> 4294688291:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:./ssl/s3_srvr.c:769:
> shutting down SSL
> CONNECTION CLOSED
> ACCEPT

The server _must_ present a certificate. For RSA ciphers an RSA cert must
be available, for DSA ciphers a DSA certificate must be available.
Since you do not give the server a certificate it does not support any
cipher, so the "no shared cipher" error must occur.
There are ciphers without certificate (anonymous with DH parameters: ADH),
but these are not secure against man-in-the-middle attacks and are therefore
disabled by default. You must explicitly allow them on s_client and s_server
with the -cipher option, see "man ciphers" for more details.

Best regards,
Lutz
--
Lutz Jaenicke Lutz.J...@aet.TU-Cottbus.DE
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
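
Added example (not part of either post, and not OpenSSL code): a short Python parser for the 130-byte SSLv2-compatible ClientHello and the 7-byte alert record shown in the `s_client -debug` output above, checking whether the client offered any anonymous-DH suite. The function names are hypothetical; the ADH code points 0x0017 to 0x001B are the TLS 1.0 values from RFC 2246.

```python
# Bytes copied from the "write to" and "read from" dumps in the post above.
CLIENT_HELLO = bytes.fromhex(
    "808001030100570000002000001600001300000a0700c0000066000007000005"
    "0000040500800300800100800800800000650000640000630000620000610000"
    "6000001500001200000906004000001400001100000800000600000304008002"
    "00800f3da35cae698a3fddf234f3d6ff212af414b891c51496d857efb82f1dae"
    "53d7"
)
ALERT_RECORD = bytes.fromhex("15030100020228")

# TLS 1.0 anonymous-DH suites (RFC 2246): TLS_DH_anon_* = 0x0017..0x001B
ADH_SUITES = set(range(0x0017, 0x001C))

def parse_v2_client_hello(data):
    """Return ((major, minor), [cipher specs]) from an SSLv2-format ClientHello."""
    if len(data) < 11 or not data[0] & 0x80:
        raise ValueError("expected a 2-byte SSLv2 record header")
    body = data[2:]
    if ((data[0] & 0x7F) << 8 | data[1]) != len(body) or body[0] != 1:
        raise ValueError("bad record length or not a ClientHello")
    spec_len, sid_len, chal_len = (
        int.from_bytes(body[i:i + 2], "big") for i in (3, 5, 7))
    if spec_len % 3 or 9 + spec_len + sid_len + chal_len != len(body):
        raise ValueError("inconsistent length fields")
    specs = [int.from_bytes(body[i:i + 3], "big")
             for i in range(9, 9 + spec_len, 3)]
    return (body[1], body[2]), specs

def offers_anonymous_dh(specs):
    """A 3-byte spec whose first byte is 0 carries an SSLv3/TLS suite number."""
    return any(s >> 16 == 0 and (s & 0xFFFF) in ADH_SUITES for s in specs)

def parse_alert(record):
    """Return (level, description) from an SSLv3/TLS alert record."""
    if len(record) != 7 or record[0] != 21 or record[3:5] != b"\x00\x02":
        raise ValueError("not a 2-byte alert record")
    return record[5], record[6]

if __name__ == "__main__":
    version, specs = parse_v2_client_hello(CLIENT_HELLO)
    print("client version:", version, "cipher specs offered:", len(specs))
    print("anonymous DH offered:", offers_anonymous_dh(specs))
    print("alert (level, description):", parse_alert(ALERT_RECORD))
```

On these bytes the hello carries 29 cipher specs, none of them anonymous DH, and the alert decodes to level 2 (fatal), description 40 (handshake_failure), which matches the "no shared cipher" error on a server started with `-nocert`.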
