On Mon, May 25, 2015 at 11:17 PM, Jerry OELoo <oyljerry at gmail.com> wrote: > Hi. > I found there is a website which has https support. > https://www.ib-channel.net/miegin/web/jsp/B02-01.jsp > and browser can show its certificate chain. > but when I use openssl to connect website, it returns fail. > > openssl s_client -connect www.ib-channel.net:443 > CONNECTED(00000003) > write:errno=104 > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 0 bytes and written 305 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > --- > > So what is wrong that openssl can not get website's certificate? Thanks! > I'm timing out from US/New York using Apple's downlevel version of OpenSSL (0.9.8). But I'm succeeding with the latest version of OpenSSL (1.0.2a). (It seems to be opposite of what Patrick is experiencing). Also, you usually want to specify TLS and the server name. SSLv3 is pretty much dead now. SNI also ensures the server selects the right certificate at during channel setup. openssl s_client -connect www.ib-channel.net:443 \ -tls1 -servername www.ib-channel.net
