[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: TLS negotiation failure

To: openldap-software@openldap.org
Subject: Re: TLS negotiation failure
From: manu@netbsd.org (Emmanuel Dreyfus)
Date: Fri, 11 Sep 2009 05:18:19 +0200
In-reply-to: <20090910165156.GE4679@NetBSD.org>
User-agent: MacSOUP/2.7 (unregistered for 965 days)

Emmanuel Dreyfus <manu@netbsd.org> wrote:

> - Reading SSL_get_error(3), I would be in the "EOF was observed that 
> violates the procol" situation:
>     SSL_ERROR_SYSCALL
>         Some I/O error occurred.  The OpenSSL error queue may contain more
>         information on the error.  If the error queue is empty (i.e.
>         ERR_get_error() returns 0), ret can be used to find out more about
>         the error: If ret == 0, an EOF was observed that violates the pro-
>         tocol.  If ret == -1, the underlying BIO reported an I/O error (for
>         socket I/O on Unix systems, consult errno for details).

ssldump tells me  that the connexion is immedialty terminated by the
client:

A connection, as reported by ssldump, that will exhibit "TLS negociation
failure:
New TCP connection #3: client (51203) <-> server (636)
3    0.0007 (0.0007)  C>S  TCP FIN
3    0.0014 (0.0007)  S>C  TCP FIN


A sane connextion; 
New TCP connection #4: client (51204) <-> server (636)
4 1  0.0007 (0.0007)  C>S SSLv2 compatible client hello
  Version 3.1 
  cipher suites

Any idea of what could cause that?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

References:
- Re: TLS negotiation failure
  - From: Emmanuel Dreyfus <manu@netbsd.org>

Prev by Date: Emulating replication from an LDAP client (not another slapd)
Next by Date: Is Openldap supported on Windows XP/Vista/Server editions?
Index(es):
- Chronological
- Thread