Communication error with OpenSSL error

When you try to connect to some OpenSSL sites, you cannot connect. I get this error using OpenSSL s_client:

    $ openssl s_client -connect www.airvistara.com:443 -debug
    CONNECTED(00000003)
    write to 0x600060cf0 [0x600076e90] (346 bytes => 346 (0x15A))
    0000 - 16 03 01 01 55 01 00 01-51 03 03 b7 94 61 d2 52   ....U...Q....a.R
    0010 - 8e fa c5 5e 3d d0 0b 62-91 14 c3 21 d5 62 3a e8   ...^=..b...!.b:.
    0020 - 27 1c 99 12 0c e8 1d e8-ea cf 15 00 00 b4 c0 30   '..............0
    0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a5 00 a3 00 a1   .,.(.$..........
    0040 - 00 9f 00 6b 00 6a 00 69-00 68 00 39 00 38 00 37   ...k.j.i.h.9.8.7
    0050 - 00 36 00 88 00 87 00 86-00 85 c0 32 c0 2e c0 2a   .6.........2...*
    0060 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f   .&.......=.5.../
    0070 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a4 00 a2 00 a0   .+.'.#..........
    0080 - 00 9e 00 67 00 40 00 3f-00 3e 00 33 00 32 00 31   ...g.@.?.>.3.2.1
    0090 - 00 30 00 9a 00 99 00 98-00 97 00 45 00 44 00 43   .0.........E.D.C
    00a0 - 00 42 c0 31 c0 2d c0 29-c0 25 c0 0e c0 04 00 9c   .B.1.-.).%......
    00b0 - 00 3c 00 2f 00 96 00 41-c0 11 c0 07 c0 0c c0 02   .<./...A........
    00c0 - 00 05 00 04 c0 12 c0 08-00 16 00 13 00 10 00 0d   ................
    00d0 - c0 0d c0 03 00 0a 00 15-00 12 00 0f 00 0c 00 09   ................
    00e0 - 00 ff 02 01 00 00 73 00-0b 00 04 03 00 01 02 00   ......s.........
    00f0 - 0a 00 3a 00 38 00 0e 00-0d 00 19 00 1c 00 0b 00   ..:.8...........
    0100 - 0c 00 1b 00 18 00 09 00-0a 00 1a 00 16 00 17 00   ................
    0110 - 08 00 06 00 07 00 14 00-15 00 04 00 05 00 12 00   ................
    0120 - 13 00 01 00 02 00 03 00-0f 00 10 00 11 00 23 00   ..............#.
    0130 - 00 00 0d 00 20 00 1e 06-01 06 02 06 03 05 01 05   .... ...........
    0140 - 02 05 03 04 01 04 02 04-03 03 01 03 02 03 03 02   ................
    0150 - 01 02 02 02 03 00 0f 00-01 01                     ..........
    read from 0x600060cf0 [0x60007c3f0] (7 bytes => 7 (0x7))
    0000 - 15 03 03 00 02 02 28                              ......(
    2348672:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
    ...

My strength is not SSL, so some recommendations will be appreciated. Client software works with almost all sites, but there are several such errors.

+6
2 answers

Client software works with almost all sites, but there are several that give this error.

As jww commented, you will not get this error if you use SNI.

SNI is supported by all modern browsers, but outside of them it is not supported by older versions of Java (up to JDK6), Python (up to 2.7.9), some commonly used Android libraries, etc.

As SNI is increasingly required (all Cloudflare FreeSSL only works with SNI), client software must be patched to get SNI support.

+3

Use this method ...

    $ openssl s_client -connect www.example.com:443 -servername www.example.com
    CONNECTED(00000003)
    ...
    Cipher : ECDHE-ECDSA-AES128-GCM-SHA256

The -servername option may not be available in OpenSSL 0.9.8, but it should be with OpenSSL 1.0.1.

+2
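
The question's dump can be checked for SNI directly. As an added example (not code from the question or either answer), this Python sketch parses the ClientHello bytes from the -debug output and lists the extension types it carries, where type 0 is server_name (RFC 6066); the function names are this example's own.

```python
import struct

# ClientHello record (346 bytes) copied from the question's -debug dump.
CLIENT_HELLO = bytes.fromhex("""
1603010155010001510303b79461d2528efac55e3dd00b629114c321d5623ae8
271c99120ce81de8eacf150000b4c030c02cc028c024c014c00a00a500a300a1
009f006b006a0069006800390038003700360088008700860085c032c02ec02a
c026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0
009e00670040003f003e0033003200310030009a009900980097004500440043
0042c031c02dc029c025c00ec004009c003c002f00960041c011c007c00cc002
00050004c012c008001600130010000dc00dc003000a00150012000f000c0009
00ff0201000073000b000403000102000a003a0038000e000d0019001c000b00
0c001b00180009000a001a001600170008000600070014001500040005001200
13000100020003000f0010001100230000000d0020001e060106020603050105
020503040104020403030103020303020102020203000f000101
""")
SERVER_REPLY = bytes.fromhex("15030300020228")  # the 7 bytes read back

def client_hello_extensions(record):
    """Return the extension type numbers in a single-record TLS ClientHello."""
    ctype, _version, length = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or length != len(record) - 5 or record[5] != 0x01:
        raise ValueError("expected exactly one ClientHello handshake record")
    pos = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
    pos += 1 + record[pos]                # compression_methods
    if pos + 2 > len(record):
        return []                         # hello without an extensions block
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    types = []
    while pos + 4 <= min(end, len(record)):
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        types.append(ext_type)
        pos += 4 + ext_len
    return types

def sends_sni(record):
    """True if the hello carries server_name (extension type 0, RFC 6066)."""
    return 0 in client_hello_extensions(record)

def parse_alert(record):
    """Return (level, description) from a plaintext TLS alert record."""
    if len(record) != 7 or record[0] != 0x15:
        raise ValueError("not a 7-byte alert record")
    return record[5], record[6]

if __name__ == "__main__":
    print(client_hello_extensions(CLIENT_HELLO), parse_alert(SERVER_REPLY))
```

For the dump in the question the extension list is [11, 10, 35, 13, 15], so no server_name was sent, and the server's 7-byte reply decodes to a fatal alert (level 2) with description 40, handshake_failure.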

Source: https://habr.com/ru/post/988639/

