Article delegate-en/4091 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] SSL no shared cipher
24 Aug 2008 14:46:30 GMT Andre <pzyhqbdyi-p53o7e4kogtr.ml@ml.delegate.org>


Hi.

While trying to influence the chosen cipher used for SSL connections, it
was pointed out to me to use "STLS="fcl, sslway -cipher <list as in
openssl s_server cipher option>.

I tried a couple of options with the openssl s_server, for example:

openssl s_server -accept 1128 -cert
/home/gn/delegate/lib/server-cert.pem -key
/home/gn/delegate/lib/server-key.pem -debug -bugs -cipher DHE-RSA-AES128-SHA

If I open a connection to this server deliberately choosing exactly this
cipher in my client, it works fine and the handshake finishes successfully.
When I pass the cipher option along to delegate as supplied above it
does not work as with the openssl s_server. The error is supplied below.

I'm using Delegate 9.8.4-pre5.



08/24 16:11:01.29 [25575] 1+1: # SSL record head[80 2C  1  3  1] SSL2 8?/46
08/24 16:11:01.29 [25575] 1+1: isinSSL ? [80] from client
08/24 16:11:01.29 [25575] 1+1: SSL Hello?5 [80 44 1 3 1]
08/24 16:11:01.29 [25575] 1+1: gethostbyname(-) unknown[0.00s]
08/24 16:11:01.29 [25575] 1+1: ## SSLway CFI_TYPE=FCL: -ac is assumed
08/24 16:11:01.29 [25575] 1+1: ## SSLway start
08/24 16:11:01.29 [25575] 1+1: ## SSLway new ctx #77200000 000B0AX
08/24 16:11:01.29 [25575] 1+1: ## SSLway certchain loaded:
/home/gn/delegate/lib/server-cert.pem
08/24 16:11:01.30 [25575] 1+1: ## SSLway keyfile loaded:
/home/gn/delegate/lib/server-key.pem
08/24 16:11:01.30 [25575] 1+1: ## SSLway -- set saveCtx fd=23
08/24 16:11:01.30 [25575] 1+1: ## SSLway B7AFFB90 loadSession 0.000114
(0 0) / -1
08/24 16:11:01.30 [25575] 1+1: ## SSLway -- TLSxSNI: recv NULL
08/24 16:11:01.30 [25575] 1+1: ## SSLway accept failed
25575:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:1006:
08/24 16:11:01.30 [25575] 1+1: builtin-SSLway: ssl_acc() failed
(UNIX) 15:11:01.298 [25575] --E-SSLway ErrFin 25575 27 -1

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V