[openssl-users] Working with s_time and nginx
Matt Caswell
matt at openssl.org
Thu Sep 1 08:34:10 UTC 2016
On 31/08/16 17:42, Kjetil Birkeland Moe wrote:
> Dear all,
> I have turned to /s_time/ to evaluate the performance of a local Nginx
> server setup, but seems to immediately run into problems that do not
> appear when using /s_client/.
>
> Server setup is largely based on recommendations from bettercrypto.org,
> which also demonstrate the same problems with their setup as I currently
> do: "openssl s_time -connect bettercrypto.org:443 -cipher
> AES128-GCM-SHA256 -time 2" returns
>
> * "140373676381952:error:14094410:SSL routines:ssl3_read_bytes:sslv3
> alert handshake failure:ssl/record/rec_layer_s3.c:1362:SSL alert
> number 40" in OpenSSL 1.1.0
> * "140416684930936:error:14077410:SSL
> routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
> failure:s23_clnt.c:769:" in version 1.0.2h.
You say you don't get this problem with s_client. I just tried:
openssl s_client -connect bettercrypto.org:443 -cipher AES128-GCM-SHA256
And got exactly the same error message as above. I also tried all the
ciphersuites below that you list as problematic, and got the same error
with s_client.
So, what exactly is your command line that works with s_client?
Matt
More information about the openssl-users
mailing list