FS#13882 - [openssl] Connection failed
Attached to Project:
Arch Linux
Opened by Rene (hit) - Thursday, 19 March 2009, 22:42 GMT
Last edited by Pierre Schmitz (Pierre) - Monday, 13 July 2009, 00:55 GMT
Opened by Rene (hit) - Thursday, 19 March 2009, 22:42 GMT
Last edited by Pierre Schmitz (Pierre) - Monday, 13 July 2009, 00:55 GMT
|
Details
Name : openssl
Version : 0.9.8j-1 Name : xchat Version : 2.8.6-3 Connection failed. Error: (336151568) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Happens when trying to connect to SSL enabled server with Xchat |
This task depends upon
Closed by Pierre Schmitz (Pierre)
Monday, 13 July 2009, 00:55 GMT
Reason for closing: Fixed
Additional comments about closing: or at least a workaround was added to deal with broken servers.
Monday, 13 July 2009, 00:55 GMT
Reason for closing: Fixed
Additional comments about closing: or at least a workaround was added to deal with broken servers.
The fact that pidgin is connecting without any problem to the same IRC server would male me prepend for an xchat bug...
SSLv2 works, SSLv3 doesn't.
[alt-os@shamash ~]$ openssl s_client -ssl3 -host crypto.azzurra.org -port 9999
CONNECTED(00000003)
9072:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1060:SSL alert number 40
9072:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
[alt-os@shamash ~]$ openssl s_client -ssl2 -host crypto.azzurra.org -port 9999
CONNECTED(00000003)
depth=0 /C=IT/ST=Italia/L=Roma/O=Azzurra IRC Network/OU=tin.it IRC server/CN=tin.azzurra.org/CN=irc.azzurra.tin.it
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=IT/ST=Italia/L=Roma/O=Azzurra IRC Network/OU=tin.it IRC server/CN=tin.azzurra.org/CN=irc.azzurra.tin.it
verify error:num=10:certificate has expired
notAfter=Apr 15 13:07:04 2008 GMT
verify return:1
depth=0 /C=IT/ST=Italia/L=Roma/O=Azzurra IRC Network/OU=tin.it IRC server/CN=tin.azzurra.org/CN=irc.azzurra.tin.it
notAfter=Apr 15 13:07:04 2008 GMT
verify return:1
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIC0TCCAjqgAwIBAgIJAPi/mMlc+hlQMA0GCSqGSIb3DQEBBAUAMIGeMQswCQYD
VQQGEwJJVDEPMA0GA1UECBMGSXRhbGlhMQ0wCwYDVQQHEwRSb21hMRwwGgYDVQQK
ExNBenp1cnJhIElSQyBOZXR3b3JrMRowGAYDVQQLExF0aW4uaXQgSVJDIHNlcnZl
cjEYMBYGA1UEAxMPdGluLmF6enVycmEub3JnMRswGQYDVQQDExJpcmMuYXp6dXJy
YS50aW4uaXQwHhcNMDUwNzIwMTMwNzA0WhcNMDgwNDE1MTMwNzA0WjCBnjELMAkG
A1UEBhMCSVQxDzANBgNVBAgTBkl0YWxpYTENMAsGA1UEBxMEUm9tYTEcMBoGA1UE
ChMTQXp6dXJyYSBJUkMgTmV0d29yazEaMBgGA1UECxMRdGluLml0IElSQyBzZXJ2
ZXIxGDAWBgNVBAMTD3Rpbi5henp1cnJhLm9yZzEbMBkGA1UEAxMSaXJjLmF6enVy
cmEudGluLml0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5CkG2E3Qx7gym
M6XcTam9b8tuyMIsAz3xy1R5znHVp6VPthInXOZzzNLViUHrb62ksaTplumO1vAx
KEPzVKCm5GY7mFyYvClSmjSqRcCFbusIa/1Zlnb3QY1A8nw2CXdp6zF+o+4+JcWt
FRkrSGSGmC7vi+hemt/AbbpOIIBSwQIDAQABoxUwEzARBglghkgBhvhCAQEEBAMC
BkAwDQYJKoZIhvcNAQEEBQADgYEARLveGZ5snCe9XD/jJaLEtPBhpq4OTW/s+s0z
P6u2VQbq8aKzIO8Npag7CQ0ViT9IwBZLV2u8QkGhzQvv5zjvhXM8+Z3MjldBz881
DM7oLZKz8ne7PtrYN2NFWq4egNKsoNNQZDtH9WTfKqr1UglZzErd45Sn0krCP77z
gG/6I8w=
-----END CERTIFICATE-----
subject=/C=IT/ST=Italia/L=Roma/O=Azzurra IRC Network/OU=tin.it IRC server/CN=tin.azzurra.org/CN=irc.azzurra.tin.it
issuer=/C=IT/ST=Italia/L=Roma/O=Azzurra IRC Network/OU=tin.it IRC server/CN=tin.azzurra.org/CN=irc.azzurra.tin.it
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5
EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5
---
SSL handshake has read 858 bytes and written 239 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv2
Cipher : DES-CBC3-MD5
Session-ID: 6A26436AF7843A429FEBD3C40DDA16F2
Session-ID-ctx:
Master-Key: 03B252F404783CC9E09E7EB9757616639A1538FF6EADCD15
Key-Arg : A32A44026893009A
Start Time: 1238668388
Timeout : 300 (sec)
Verify return code: 10 (certificate has expired)
---
^C
[alt-os@shamash ~]$
Name : xchat
Version : 2.8.6-3
Name : openssl
Version : 0.9.8k-2
* Looking up irc.oftc.net
* Connecting to irc.geo.oftc.net (85.214.36.108) port 9999...
* * Certification info:
* Subject:
* CN=reticulum.oftc.net
* Issuer:
* O=Open and Free Technology Community
* OU=certification authority for irc
* CN=irc.ca.oftc.net
* emailAddress=support@oftc.net
* Public key algorithm: rsaEncryption (2048 bits)
* Sign algorithm sha1WithRSAEncryption
* Valid since Jul 22 11:25:49 2008 GMT to Jul 22 11:25:49 2009 GMT
* * Cipher info:
* Version: TLSv1/SSLv3, cipher AES256-SHA (256 bits)
* Connected. Now logging in...
...
* *** Connected securely via SSLv3 AES256-SHA-256
* Welcome to the OFTC Internet Relay Chat Network djgera
gyachi-1.1.71 & 1.2.1
openfire-3.6.3
NFS connections from my laptop running debian lenny and my archlinux server and desktop boxen
check with:
grep sse2 /proc/cpuinfo
Opening a bug report apart, for this
FS#15454At the moment, running a 64bit installation, the problem is still presenting.
Checking the host that Gerardo is suggesting (irc.geo.oftc.net) it's actually working fine: not with crypto.azzurra.org instead.
As you said in previous comments, passing -no_ticket solves the problem. Searching on the web I encountered this [#1], seems that is a problem when connection with servers that have and old/not fixed openssl version.
@Cheifchimp: You have a problem between your Debian and Arch Linux ? Or I understand bad ? In case of true, what is the openssl version that you have on the Debian machine?
[#1] http://www.nabble.com/openssl-0.9.8j-ssl3-connect-problem-td21453577.html
Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz 64bit on desktop
fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx lm constant_tsc arch_perfmon pebs bts rep_good pni dtes64 monitor ds_cpl est tm2 ssse3 cx16 xtpr pdcm lahf_lm
Intel(R) Xeon(TM) CPU 2.80GHz (dual 32bit processors)
fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe pebs bts cid xtpr
Yes, when I try to mount a directory hosted from my server or desktop running Arch on my laptop running debian lenny 5.0.2.
openssl-0.9.8g-15+lenny1
thankyou thankyou thankyou