[openssl-dev] s_client version 1.1 fails to handshake to s_server when -nocert option
Michel
michel.sales at free.fr
Sun Jan 10 13:40:32 UTC 2016
Hi,
s_client version 1.0.2e handshakes successfully to s_server when option
-nocert is used :
openssl s_server -nocert -cipher "ALL:eNULL:@STRENGTH"
openssl s_client -cipher "ALL:eNULL:@STRENGTH"
result : TLS 1.2, AECDH-AES256-SHA
openssl s_server -nocert -cipher "ALL:eNULL:!ECDH:@STRENGTH"
openssl s_client -cipher "ALL:eNULL:@STRENGTH"
result : TLS 1.2, ADH-AES256-GCM-SHA384
but NOT with version 1.1-pre :
openssl s_server -nocert -cipher "ALL:eNULL:@STRENGTH"
openssl s_client -cipher "ALL:eNULL:@STRENGTH"
server :
Using default temp DH parameters
ACCEPT
ERROR
6952:error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared
cipher:.\ssl\statem\statem_srvr.c:1528:
shutting down SSL
CONNECTION CLOSED
client:
CONNECTED(00000304)
11432:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake
failure:.\ssl\record\rec_layer_s3.c:1355:SSL alert number 40
As I do not see any reason for that, I believe it is a bug but I was not
able to diagnose/fix it.
(traces are attached to this mail).
Regards,
Michel.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160110/28db99b2/attachment-0001.html>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: client_err_out.txt
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160110/28db99b2/attachment-0004.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: client_out.txt
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160110/28db99b2/attachment-0005.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: server_err_out.txt
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160110/28db99b2/attachment-0006.txt>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: server_out.txt
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160110/28db99b2/attachment-0007.txt>
More information about the openssl-dev
mailing list