<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Dear all,<br>
I have turned to <i>s_time</i> to evaluate the performance of a
local Nginx server setup, but seems to immediately run into
problems that do not appear when using <i>s_client</i>.<br>
<br>
Server setup is largely based on recommendations from
bettercrypto.org, which also demonstrate the same problems with
their setup as I currently do: "openssl s_time -connect
bettercrypto.org:443 -cipher AES128-GCM-SHA256 -time 2" returns</p>
<ul>
<li>"140373676381952:error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake
failure:ssl/record/rec_layer_s3.c:1362:SSL alert number 40" in
OpenSSL 1.1.0</li>
<li>"140416684930936:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:769:" in version 1.0.2h.</li>
</ul>
<p> This problem has been found when running from Fedora 24, and
also with other ciphers than just the one mentioned above, as
ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA, AES256-SHA,
but not with AES128-SHA.<br>
</p>
<p>(Looking at the error message, there seems to be ssl3 involved.
Though I believe that only TLS connections are allowed on the
servers mentioned.)<br>
</p>
<p>I am greatful for insight that would make it possible to use <i>s_time</i>
properly.</p>
<p><br>
</p>
<p>best regards,<br>
Kjetil Birkeland Moe<br>
</p>
</body>
</html>