Re: Question about openssl s_client

To: Ryo ONODERA <ryo_on%yk.rim.or.jp@localhost>
Subject: Re: Question about openssl s_client
From: Thomas Klausner <wiz%NetBSD.org@localhost>
Date: Fri, 13 May 2011 13:02:06 +0200

On Fri, May 13, 2011 at 07:24:09PM +0900, Ryo ONODERA wrote:
> On my machine, following openssl operation fails.
> 
> % uname -a
> NetBSD hydrogen.elements.tetera.org 5.99.51 NetBSD 5.99.51 (LEAFGIRL4) #1: 
> Wed May 11 23:52:39 JST 2011  
> root%hydrogen.elements.tetera.org@localhost:/usr/obj/sys/arch/i386/compile/LEAFGIRL4
>  i386
> 
> % openssl s_client -connect www.evernote.com:443
> WARNING: can't open config file: /etc/openssl/openssl.cnf
> CONNECTED(00000006)
> 3147932500:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake 
> failure:/usr/src/crypto/external/bsd/openssl/dist/ssl/s23_lib.c:184:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 145 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
> 
> 
> But, for example, following command does not fail.
> % openssl s_client -connect www.google.com:443
> 
> Is this normal on NetBSD current?
> 
> On NetBSD/cobalt 5.1, it does not fail.

This is a problem of the site (not supporting TLSv1.1 properly), see
https://bitbucket.org/site/master/issue/2552/problem-checking-out-with-tlsv11
for the same problem at bitbucket (since fixed).
 Thomas

Follow-Ups:
- Re: Question about openssl s_client
  - From: Ryo ONODERA

References:
- Question about openssl s_client
  - From: Ryo ONODERA

Prev by Date: Question about openssl s_client
Next by Date: Re: Question about openssl s_client
Previous by Thread: Question about openssl s_client
Next by Thread: Re: Question about openssl s_client
Indexes:

Home | Main Index | Thread Index | Old Index