[openssl-users] Working with s_time and nginx

Matt Caswell matt at openssl.org
Thu Sep 1 08:34:10 UTC 2016

On 31/08/16 17:42, Kjetil Birkeland Moe wrote:
> Dear all,
> I have turned to /s_time/ to evaluate the performance of a local Nginx
> server setup, but seems to immediately run into problems that do not
> appear when using /s_client/.
> Server setup is largely based on recommendations from bettercrypto.org,
> which also demonstrate the same problems with their setup as I currently
> do: "openssl s_time -connect bettercrypto.org:443 -cipher
> AES128-GCM-SHA256 -time 2" returns
>   * "140373676381952:error:14094410:SSL routines:ssl3_read_bytes:sslv3
>     alert handshake failure:ssl/record/rec_layer_s3.c:1362:SSL alert
>     number 40" in OpenSSL 1.1.0
>   * "140416684930936:error:14077410:SSL
>     routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
>     failure:s23_clnt.c:769:" in version 1.0.2h.

You say you don't get this problem with s_client. I just tried:

openssl s_client -connect bettercrypto.org:443 -cipher AES128-GCM-SHA256

And got exactly the same error message as above. I also tried all the
ciphersuites below that you list as problematic, and got the same error
with s_client.

So, what exactly is your command line that works with s_client?


More information about the openssl-users mailing list