Fwd: Re: openssl s_client connection fails

Patrice Guérin guerinp at talasi.fr
Wed Nov 18 15:23:13 UTC 2020

Hi All,
Sorry, send to <openssl-users at openssl.org> missing.


-------- Message transféré --------
Sujet : 	Re: openssl s_client connection fails
Date : 	Wed, 18 Nov 2020 11:40:33 +0000
De : 	Matt Caswell <matt at openssl.org>
Pour : 	openssl-users at openssl.org

On 18/11/2020 11:24, Patrice Guérin wrote:
> 3072988928:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
> handshake failure:../ssl/record/rec_layer_s3.c:1407:SSL alert number 40

This is a very generic "something went wrong" alert that is being
received from the server and could be due to any number of issues. Do
you have access to the server in question? If so there may be more clues
in the server logs that might explain it.

> Does anybody have an idea on what's going wrong ?

One thing that springs to mind that often goes wrong is SNI handling.
s_client changed between 1.1.0 and 1.1.1 to always provider SNI by
default. If the server requires SNI then it could explain this
behaviour. Your can add SNI in 1.1.0 by using the "-servername" command
line option followed by the name of the server in question, e.g.

$ openssl s_client -connect www.openssl.org -port 443 -servername


> Thank you in advance.
> Kind regards
> Patrice.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20201118/3575ffce/attachment.html>

More information about the openssl-users mailing list