[openssl-users] Openssl not sending "client hello" request

Felix Rubio Dalmau felix at kngnt.org
Tue Dec 29 19:11:59 UTC 2015 

Hi all,

	I  have been searching for some time for a solution and I can not manage to 
solve my problem. I have a computer that can not connect to some sites, e.g. 
github, by using openssl. I am running a debian testing with all the updates 
available as of today, and libssl used is v1.0.2. If I execute:

> openssl s_client -connect github.com:443

The only answer I get is:

> CONNECTED(00000003)
> 140058172421776:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:794: ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 315 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> 
> SSL-Session:
>     Protocol  : TLSv1.2
>     Cipher    : 0000
>     Session-ID:
>     Session-ID-ctx:
>     Master-Key:
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1451415453
>     Timeout   : 300 (sec)
>     Verify return code: 0 (ok)
> 
> --- 

I have created a network namespace and executed the program inside while 
sniffing the traffic with tcpdump (See attached file). If I execute ***the same*** 
openssl binary on my arch linux, the program works flawlessly. If I obtain also 
the traffic on the arch, I see a difference: in my debian there is no 
clienthello sent to the server, whereas in arch linux it is. I would consider, 
under these circumstances, that is an environment problem in my debian. 
Therefore I have executed the same command on a completely fresh bash, without 
any strange environment vars, obtaining the same result.  Then I thought it 
could be related to any configuration file, but... I have not been able to find 
any :S

Can somebody give any hint? I would really appreciate it.
thank you!
Felix
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not_working.cap
Type: application/vnd.tcpdump.pcap
Size: 1815 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151229/af708c42/attachment.cap>

More information about the openssl-users mailing list