I'm trying to use OpenSSL to connect to an SSL server.
When I run:
openssl s_client -connect myhost.com:443
The following SSL client configurations work just fine:
- Windows (
OpenSSL 0.9.83e 23 Feb 2007
) - Linux (
OpenSSL 0.9.8o 01 Jun 2010
) - Linux (
OpenSSL 1.0.0-fips 29 Mar 2010
)
Output from any successful connection looks like this:
New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : DES-CBC3-SHA
Session-ID: (hidden)
Session-ID-ctx:
Master-Key: (hidden)
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1337266099
Timeout : 300 (sec)
Verify return code: 0 (ok)
However, when I use client with my Ubuntu 12.04 (w/ OpenSSL 1.0.1 14 Mar 2012
) I get error:
CONNECTED(00000003)
...:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
How can I proceed on solving this?
All tips are much appreciated!
This looks to be a known issue with Ubuntu's 1.0.1 OpenSSL: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/965371
It doesn't look like a fix is available. If possible you could downgrade to 1.0.0.
Try
openssl s_client -tls1 -connect myhost.com:443
This error can be caused by an older version of openssl when it can not re-negotiate the cipher (I generated a self-signed certificate using elliptic curves).
Specifically, I was getting the same error on MacOS with default openssl - 0.9.8zh
After installing the brew version OpenSSL 1.0.2f the error went away:
If you get this issue with a Java HTTPS server running on OpenJDK, try editing
/etc/java-7-openjdk/security/java.security
and commenting out the lineas discovered by Christoph W.