[openssl-users] DSA with OpenSSL-1.1

Matt Caswell matt at openssl.org
Fri Jul 1 13:39:02 UTC 2016



On 01/07/16 14:29, pepone.onrez wrote:
> Hi,
> 
> After upgrade my software to use OpenSSL-1.1 one of the test is
> failing, the test in question client and server are configured to use
> DSA certificates. The server is configured to request a client
> certificate.
> 
>    SSL error occurred for new outgoing connection:
>    remote address = 127.0.0.1:47812
>    error # = 336151568
>    message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040)
>    location = ssl/record/rec_layer_s3.c, 1467
>    data = SSL alert number 40

Is this the error you get on the server or the client? The above
indicates the connection was aborted because a HandshakeFailure alert
was received from the peer. Therefore you need to look at the other end
of the communication and see if there is some error message that
indicates why the alert was sent.

Matt




> 
> When using OpenSSL 1.0.1 the connection success
> 
>    cipher = DHE-DSS-AES256-GCM-SHA384
>    bits = 256
>    remote address = 127.0.0.1:43629
>    protocol = TLSv1.2
> 
> 
> I try to set security level to 0 for 1.1 but that doesn't make any
> difference here, any ideas what could be the issue?
> 


More information about the openssl-users mailing list