[openssl-users] DSA with OpenSSL-1.1
pepone.onrez
pepone.onrez at gmail.com
Fri Jul 1 14:22:33 UTC 2016
On 1 July 2016 at 15:39, Matt Caswell <matt at openssl.org> wrote:
>
>
> On 01/07/16 14:29, pepone.onrez wrote:
>> Hi,
>>
>> After upgrading my software to use OpenSSL-1.1, one of the tests is
>> failing. In the test in question, client and server are configured to use
>> DSA certificates. The server is configured to request a client
>> certificate.
>>
>> SSL error occurred for new outgoing connection:
>> remote address = 127.0.0.1:47812
>> error # = 336151568
>> message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040)
>> location = ssl/record/rec_layer_s3.c, 1467
>> data = SSL alert number 40
>
> Is this the error you get on the server or the client? The above
> indicates the connection was aborted because a HandshakeFailure alert
> was received from the peer. Therefore you need to look at the other end
> of the communication and see if there is some error message that
> indicates why the alert was sent.
>
> Matt
That was on the client. Looking at the server, I see it reports there
is no shared cipher:

SSL error occurred for new incoming connection:
remote address = 127.0.0.1:36951
error # = 337092801
message = error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher

I have tried to enable all ciphers with ALL:@SECLEVEL=0, but still get
the same error. It is not clear why the server and client don't find a
common cipher here.
Regards,
José
>
>
>
>
>>
>> When using OpenSSL 1.0.1 the connection succeeds
>>
>> cipher = DHE-DSS-AES256-GCM-SHA384
>> bits = 256
>> remote address = 127.0.0.1:43629
>> protocol = TLSv1.2
>>
>>
>> I tried to set security level to 0 for 1.1 but that doesn't make any
>> difference here. Any ideas what could be the issue?
>>
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
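
The two error codes quoted in this thread can be decoded mechanically to tell which side raised the failure. The following is an added example, not part of the original messages or of OpenSSL's code; it assumes the packed error layout used by OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason), and the names `decode` and `triage` are hypothetical.

```python
import re

# Pre-3.0 OpenSSL packs an error code as lib (8 bits) | func (12) | reason (12).
ERR_LIB_SSL = 20               # 0x14, the "SSL routines" library
SSL_AD_REASON_OFFSET = 1000    # SSL reasons >= 1000 mean "peer sent alert N"

# Subset of TLS alert descriptions (RFC 5246, section 7.2), not the full list.
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 48: "unknown_ca",
          70: "protocol_version", 71: "insufficient_security"}

# Matches the 8-hex-digit code in an "error:XXXXXXXX:..." string.
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")


def decode(code):
    """Split a packed error code and say whether it reports a received alert."""
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    out = {"lib": lib, "func": func, "reason": reason,
           "origin": "local", "alert": None}
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        # The failure was decided by the peer; its own log holds the cause.
        n = reason - SSL_AD_REASON_OFFSET
        out.update(origin="peer", alert=(n, ALERTS.get(n, "unknown")))
    return out


def triage(log_text):
    """Decode every error string found in a chunk of log text."""
    return [decode(int(m.group(1), 16)) for m in ERR_RE.finditer(log_text)]


# The two error strings quoted in the thread (client side, then server side).
CLIENT = "message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040)"
SERVER = ("message = error:1417A0C1:SSL\n"
          "routines:tls_post_process_client_hello:no shared cipher")

if __name__ == "__main__":
    for side, text in (("client", CLIENT), ("server", SERVER)):
        for entry in triage(text):
            print(side, entry)
```

The client's code decodes to a received alert 40, so the decision was made by the peer, while the server's code is a locally raised reason, which is the one to investigate.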