Using NetBSD/i386 5.99.55, I cannot connect to the following servers
with OpenSSL 1.0.1-stable 05 Jun 2011.
Servers: (port: 443)
www.netbk.co.jp
pc.sbisonpo.co.jp
secure.nicovideo.jp
For example,
% openssl version
WARNING: can't open config file: /etc/openssl/openssl.cnf
OpenSSL 1.0.1-stable 05 Jun 2011
% uname -a
NetBSD hydrogen.elements.tetera.org 5.99.55 NetBSD 5.99.55 (LEAFGIRL4) #11: Wed Jul 20 01:20:26 JST 2011 ro...@hydrogen.elements.tetera.org:/usr/obj/sys/arch/i386/compile/LEAFGIRL4 i386
% openssl s_client -connect www.netbk.co.jp:443
WARNING: can't open config file: /etc/openssl/openssl.cnf
CONNECTED(00000006)
(timeout...)
But,
% openssl s_client -connect www.netbk.co.jp:443 -ssl3
works well.
Is this a bug in NetBSD-current?
Thank you.
P.S.
I do not know about OpenSSL 1.0.1-stable 05 Jun 2011 on non-NetBSD.
--
Ryo ONODERA // ryo...@yk.rim.or.jp
PGP fingerprint = 82A2 DC91 76E0 A10A 8ABB FD1B F404 27FA C7D1 15F3
--
I'm not a big expert in SSL/TLS things, but since no one else
has answered so far:
Current OpenSSL seems to try TLS1.2 initially. It seems that
there are servers which just hang after such a connection
attempt instead of engaging in negotiation.
> % openssl s_client -connect www.netbk.co.jp:443 -ssl3
> works well.
tls1 too. tls1_1 fails immediately. tls1_2 hangs.
So either our openssl is too new for this world, or these
servers are too old/buggy...
best regards
Matthias
------------------------------------------------------------------------------------------------
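The three outcomes reported in this thread (works, fails immediately, hangs) can be told apart programmatically by pinning a single protocol version and bounding the handshake with a timeout. The following is an added example, not code from any poster in the thread: `probe` and `fake_server` are hypothetical names, the two local peers are constructed stand-ins for a silent and a rejecting server, and TLS 1.2 is pinned because current Python/OpenSSL builds typically no longer offer SSLv3.

```python
import socket
import ssl
import threading

def probe(host, port, version, timeout=3.0):
    """Offer exactly one TLS version; return 'ok', 'fail' or 'hang'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # diagnostic: tests negotiation, not trust
    ctx.minimum_version = version
    ctx.maximum_version = version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "ok"
    except (socket.timeout, TimeoutError):
        return "hang"   # connect or handshake got no answer in time
    except (ssl.SSLError, OSError):
        return "fail"   # alert, reset or EOF: an immediate rejection

def fake_server(behaviour):
    """Constructed local peer. 'hang' reads the ClientHello and stays
    silent; 'close' drops the connection at once. Returns the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        if behaviour == "hang":
            conn.recv(4096)              # swallow the ClientHello
            threading.Event().wait(3)    # and never reply
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for behaviour in ("hang", "close"):
        port = fake_server(behaviour)
        result = probe("127.0.0.1", port, ssl.TLSVersion.TLSv1_2, 1.0)
        print(behaviour, "->", result)
```
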
Is it possible that the OpenSSL TLS 1.2 handshake is broken?
Kind regards
--
Matthias Scheler http://zhadum.org.uk/