s_server configuration

Steven Madwin smadwin at adobe.com
Mon Jul 15 23:37:55 UTC 2019 


Hi All,

 

I’m trying to get an OCSP server operating in an SSL (really TLS1.2) environment. It works fine in the HTTP world, but I’m having issues with getting s_server to handle the communication in the Secure HTTPS world.

 

If anyone has any suggestions to get the connection to persist I’d be VERY appreciative!

 

This is what I’m seeing:

 

--- Using OpenSSL v1.1.1c to enable TLS on Port 8902 ---

 

C:\OpenSSL-Win64\bin>openssl  s_server -port 8902 -4 -certform PEM -cert "C:\OpenSSL-Win64\bin\PEM\test.cer" -cert_chain C:\OpenSSL-Win64\bin\PEM\DigiCertTrustChain.cer -keyform PEM -pass pass:password -key "C:\OpenSSL-Win64\bin\PEM\test_key.pem"  -status_verbose

 

Using default temp DH parameters

ACCEPT

 

cert_status: callback called

cert_status: AIA URL: http://ocsp.digicert.com

cert_status: Can't retrieve issuer certificate.

-----BEGIN SSL SESSION PARAMETERS-----

MFoCAQECAgMDBALAMAQABDBt6uS6sCfohxxHvmv7hPIXRbjKzDqNJqoCpymZR1qc

CpGHf1mBjQ5/B32R7/aXl8mhBgIEXS0L6KIEAgIcIKQGBAQBAAAArQMCAQE=

-----END SSL SESSION PARAMETERS-----

Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512

Shared Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512

Supported Elliptic Curve Point Formats: uncompressed

Supported Elliptic Groups: X25519:P-256:P-384

Shared Elliptic groups: X25519:P-256:P-384

---

No server certificate CA names sent

CIPHER is ECDHE-RSA-AES256-GCM-SHA384

Secure Renegotiation IS supported

POST / HTTP/1.1

Accept: */*

Content-Type: application/ocsp-request

Content-Length: 143

Character-Encoding: binary

User-Agent: PPKHandler

Host: gemma.adobe.com:8902

Connection: Keep-Alive

Cache-Control: no-cache

Cookie: AAMC_adobe_0=REGION%7C9; s_nr=1562971576381-Repeat; adcloud={%22_les_v%22:%22y%2Cadobe.com%2C1564005807%22}; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=-1303530583%7CMCAID%7C2D05BCDE05032D0E-40001185A003F0F0%7CMCMID%7C06088709957453939181689303953590820094%7CMCAAMLH-1563576332%7C9%7CMCAAMB-1563576332%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCOPTOUT-1562978727s%7CNONE%7CvVersion%7C3.3.0%7CMCIDTS%7C18072%7CMCSYNCSOP%7C411-18079%7CMCCIDH%7C1521286796; mbox=PC#ddd404f9c1d0418ba9692aaf983e9e03.28_36#1626216329|session#7b3f3fbfb1504526acdb639358290766#1562973437; s_vi=[CS]v1|2D05BCDE05032D0E-40001185A003F0F0[CE]; _fbp=fb.1.1561413807767.1078876052

 

0
     +00­     +0[1]

  _____  


  _____  

ƒ°â█g┘⌐├Z<₧é╚ @ERROR

shutting down SSL

CONNECTION CLOSED

 

 




 

Steven Madwin

Software PKI Engineer

Adobe Inc.

345 Park Avenue, MS-W15

San Jose, CA 95110-2704 USA

Phone:   408.536.4343

Fax:         408.536.6024

 <mailto:Steven.Madwin at adobe.com> Steven.Madwin at adobe.com

 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190715/e337f1b7/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.gif
Type: image/gif
Size: 1089 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190715/e337f1b7/attachment-0002.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.gif
Type: image/gif
Size: 1200 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190715/e337f1b7/attachment-0003.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5468 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20190715/e337f1b7/attachment-0001.bin>

More information about the openssl-users mailing list