[openssl-users] Help with "tlsv1 alert insufficient security"

Joseph Southwell jsouthwell at serengeti.com
Fri Feb 24 16:15:43 UTC 2017


We upgraded from 0.9.8 to 1.0.2 and now we are seeing that message when we try connecting to a server that previously worked. What does it mean and how can I figure out how to work around it? I can’t get the server to change anything and I need to be able to continue connecting to it. 

openssl s_client -connect xxxxxxx.com <http://xxxxxxx.com/>:#### -starttls ftp

CONNECTED(00000170)
4960:error:1407742F:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert insufficient security:.\ssl\s23_clnt.c:770:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 88 bytes and written 317 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1487578706
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170224/de165e3e/attachment.html>


More information about the openssl-users mailing list