
Re: TLS negotiation failure



Emmanuel Dreyfus <manu@netbsd.org> wrote:

> - Reading SSL_get_error(3), I would be in the "EOF was observed that
> violates the protocol" situation:
>     SSL_ERROR_SYSCALL
>         Some I/O error occurred.  The OpenSSL error queue may contain more
>         information on the error.  If the error queue is empty (i.e.
>         ERR_get_error() returns 0), ret can be used to find out more about
>         the error: If ret == 0, an EOF was observed that violates the pro-
>         tocol.  If ret == -1, the underlying BIO reported an I/O error (for
>         socket I/O on Unix systems, consult errno for details).

ssldump tells me that the connection is immediately terminated by the
client:

A connection, as reported by ssldump, that will exhibit "TLS negotiation
failure":
New TCP connection #3: client (51203) <-> server (636)
3    0.0007 (0.0007)  C>S  TCP FIN
3    0.0014 (0.0007)  S>C  TCP FIN


A sane connection:
New TCP connection #4: client (51204) <-> server (636)
4 1  0.0007 (0.0007)  C>S SSLv2 compatible client hello
  Version 3.1 
  cipher suites

Any idea of what could cause that?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org
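
An added example, not part of the original message: a small Python parser for ssldump output shaped like the two traces above, which flags connections that see a TCP FIN before any TLS record, the pattern that corresponds to the EOF case quoted from SSL_get_error(3). The sample trace is constructed from the lines in the message; the function name and verdict strings are assumptions.

```python
import re

# Constructed sample, modelled on the two ssldump traces quoted in the message.
SAMPLE = """\
New TCP connection #3: client (51203) <-> server (636)
3    0.0007 (0.0007)  C>S  TCP FIN
3    0.0014 (0.0007)  S>C  TCP FIN
New TCP connection #4: client (51204) <-> server (636)
4 1  0.0007 (0.0007)  C>S SSLv2 compatible client hello
  Version 3.1
  cipher suites
"""

NEW_CONN = re.compile(r"^New TCP connection #(\d+): \S+ ?\((\d+)\) <-> \S+ ?\((\d+)\)")
# Groups: connection id, optional TLS record number, sender (C or S), description.
EVENT = re.compile(r"^(\d+)\s+(?:(\d+)\s+)?\d+\.\d+\s+\(\d+\.\d+\)\s+([CS])>[CS]\s+(.*\S)")


def classify(trace):
    """Map each connection id to a verdict on how far the TLS handshake got."""
    conns = {}
    for line in trace.splitlines():
        m = NEW_CONN.match(line)
        if m:
            conns[int(m.group(1))] = {"records": 0, "first_fin": None}
            continue
        m = EVENT.match(line)
        if not m or int(m.group(1)) not in conns:
            continue  # indented detail lines, or events for unknown connections
        conn = conns[int(m.group(1))]
        if m.group(2) is not None:
            conn["records"] += 1  # a numbered line is a TLS record
        elif m.group(4) == "TCP FIN" and conn["first_fin"] is None:
            conn["first_fin"] = m.group(3)  # remember which side closed first
    verdicts = {}
    for cid, conn in conns.items():
        if conn["records"] == 0 and conn["first_fin"]:
            side = "client" if conn["first_fin"] == "C" else "server"
            verdicts[cid] = f"closed by {side} before any TLS record"
        elif conn["records"] == 0:
            verdicts[cid] = "no TLS record seen yet"
        else:
            verdicts[cid] = "handshake started"
    return verdicts


if __name__ == "__main__":
    for cid, verdict in classify(SAMPLE).items():
        print(f"connection #{cid}: {verdict}")
```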