[openssl-users] Working with s_time and nginx

Kjetil Birkeland Moe kjetil at skifremme.no
Wed Aug 31 16:42:08 UTC 2016


Dear all,
I have turned to /s_time/ to evaluate the performance of a local Nginx 
server setup, but seems to immediately run into problems that do not 
appear when using /s_client/.

Server setup is largely based on recommendations from bettercrypto.org, 
which also demonstrate the same problems with their setup as I currently 
do: "openssl s_time -connect bettercrypto.org:443 -cipher 
AES128-GCM-SHA256 -time 2" returns

  * "140373676381952:error:14094410:SSL routines:ssl3_read_bytes:sslv3
    alert handshake failure:ssl/record/rec_layer_s3.c:1362:SSL alert
    number 40" in OpenSSL 1.1.0
  * "140416684930936:error:14077410:SSL
    routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
    failure:s23_clnt.c:769:" in version 1.0.2h.

This problem has been found when running from Fedora 24, and also with 
other ciphers than just the one mentioned above, as 
ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA, AES256-SHA, but 
not with AES128-SHA.

(Looking at the error message, there seems to be ssl3 involved. Though I 
believe that only TLS connections are allowed on the servers mentioned.)

I am greatful for insight that would make it possible to use /s_time/ 
properly.


best regards,
Kjetil Birkeland Moe

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160831/b748c9d2/attachment.html>


More information about the openssl-users mailing list