[openssl-users] openssl-101m server and openssl-101q client TLS1.2 failure

Jayadev Kumar jayadev.kumar at gmail.com
Wed Dec 23 15:54:09 UTC 2015


Here is the error I got in s_client:

   97 8d e5 1f ad a8 35 e9 48 cd 09 bd 69 8d 40 d5
    fd 05 e2 66 7c 50 d5 41 7a 51 d0 6b 08 dd 37 2e
    fd 17 32 ca be b8 c1 d5 3a f0 ad 21 32 29 ae 2c
    1d ba dd 8f 18 25 94 4d dd 0a 30 35 dc a6 79 52
    70 67 f4 37 72 97 c4 e8 16 e0 fd e0 3d 16 92
>>> TLS 1.2 Alert [length 0002], fatal handshake_failure
    02 28
140066827908800:error:14082174:SSL routines:SSL3_CHECK_CERT_AND_ALGORITHM:dh key too small:s3_clnt.c:3415:
---
Certificate chain
 0 s:/C=UK/O=OpenSSL Group/OU=FOR TESTING PURPOSES ONLY/CN=Test Server Cert
   i:/C=UK/O=OpenSSL Group/OU=FOR TESTING PURPOSES ONLY/CN=OpenSSL Test Intermediate CA

Thanks,
Jayadev.

On Wed, Dec 23, 2015 at 9:19 PM, Matt Caswell <matt at openssl.org> wrote:

>
>
> On 23/12/15 15:20, Jayadev Kumar wrote:
> > Hi,
> >
> > When I run openssl-1.0.1m server with
> >
> > ./openssl101m  s_server -accept 443 -msg
> >
> > and openssl-1.0.1q client with the following command
> >
> > ./openssl101q  s_client -connect x.x.x.x:443
> >
> > I see the server is failing with the error
> >
> >>>> TLS 1.2 Handshake [length 0004], ServerHelloDone
> >     0e 00 00 00
> > <<< TLS 1.2 Alert [length 0002], fatal handshake_failure
> >     02 28
> > ERROR
> > 140005164332736:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1289:SSL alert number 40
> > shutting down SSL
> >
> >
> > This is not seen when both client and server use the 'openssl' binary from
> > 'openssl-1.0.1m'. Is this a known issue? Any workarounds known?
>
> Do you get an error printed on the client side? If so what is it?
>
> Matt
>