[openssl-users] a problem connecting to a specific Site ...

Walter H. Walter.H at mathemainzel.info
Sat Nov 3 07:56:06 UTC 2018 

Hello,

it is a little bitte weird/strange/complicated;

On 02.11.2018 23:05, Matt Caswell wrote:
>
> On 02/11/2018 21:51, Walter H. wrote:
>> Hello,
>>
>> when I try to connect to https://www.3bg.at/
>> I get the following error
>>
>> Handshake with SSL server failed: error:1408E0F4:SSL
>> routines:SSL3_GET_MESSAGE:unexpected message
>>
>> but
>> https://www.ssllabs.com/ssltest/analyze.html?d=www.3bg.at
>> says its ok ...
>>
>> is the problem on my side or on their side?
> You'll need to give us more information. I can connect to that server
> using OpenSSL 1.0.2 s_client.
>
> What version of OpenSSL are you using? Is this with your own application
> or from s_client? What ciphersuites have you configured? Any other
> relevant configuration that we should know about?
>
>
the mentioned error comes with squid - ssl-bump on;
in case I switch it off and have it as normal proxy, then is really 
suspisious:
- an old Firefox (17.0.11esr) has no problems, the Sites is shown and works

- an older Google Chrome (the last one f. WinXP, v46) gives:
                       SSL connection error
                       ERR_SSL_PROTOCOL_ERROR

- a fork of the latest Pale Moon (Mypal) and an old Palemoon itself (the 
last one f. WinXP) gives:
                     An error occurred during a connection to www.3bg.at.
                     Peer's certificate has an invalid signature.
                     (Error code: SEC_ERROR_BAD_SIGNATURE)

what is this strange?

but what does this mean at the mentioned SSLlabs result:

Certificate Transparency No

when I compare to any other site (e.g. my own with Let's encrypt 
certificate),
I get

Certificate Transparency *Yes (certificate)*

is this caused on my side or on the other side?

Thanks,
Walter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181103/63eb3cec/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3491 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20181103/63eb3cec/attachment.bin>

More information about the openssl-users mailing list