Re: [F25] issue with SSL connexions: Failure of SSL transaction with

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

OK, so you're having intermittent problems with both firefox and konqueror within a fresh user account. That's useful information, because those two browsers use completely separate SSL implementations. Mozilla develops their own "nss" library for encryption, and Konqueror uses OpenSSL.
nss doesn't have a test client that I'm aware of, but since you're having trouble with an OpenSSL application, you might be able to get more information by using the "s_client" app: 

openssl s_client -connect docs.python.org:443

On my system, I see:

   CONNECTED(00000003)
   depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
   DigiCert High Assurance EV Root CA
   verify return:1
   depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN =
   DigiCert SHA2 Extended Validation Server CA
   verify return:1
   depth=0 businessCategory = Private Organization, jurisdictionC = US,
   jurisdictionST = Delaware, serialNumber = 3359300, street = 16 Allen
   Rd, postalCode = 03894-4801, C = US, ST = NH, L = Wolfeboro, O =
   Python Software Foundation, CN = www.python.org
   verify return:1
   ---
   Certificate chain
     0 s:/businessCategory=Private
   Organization/jurisdictionC=US/jurisdictionST=Delaware/serialNumber=3359300/street=16
   Allen Rd/postalCode=03894-4801/C=US/ST=NH/L=Wolfeboro/O=Python
   Software Foundation/CN=www.python.org
       i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2
   Extended Validation Server CA
     1 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert SHA2
   Extended Validation Server CA
       i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert High
   Assurance EV Root CA
   ---
...indicating a successfully verified certificate chain. Try connecting a few times in sequence on your system and see if you ever get failures from s_client. That might give you more information to go on.
As far as Firefox goes, you *should* get information beyond the simple error message you posted earlier. Firefox will let you view the certificate when there's a negotiation problem, and should tell you more specifically what's wrong when that happens. Click on "Advanced" for details and let us know what Firefox tells you. You can also "add an exception" and then "view" the certificate. Those details might also help clarify what's happening. 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux