Why no peer certificate available.

On 26/05/15 04:17, Jerry OELoo wrote:
> Hi.
> I found there is a website which has https support.
> https://www.ib-channel.net/miegin/web/jsp/B02-01.jsp
> and browser can show its certificate chain.
> but when I use openssl to connect website, it returns fail.
> 
> openssl s_client -connect www.ib-channel.net:443
> CONNECTED(00000003)
> write:errno=104
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 305 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> ---
> 
> So what is wrong that openssl can not get website's certificate? Thanks!
> 

This appears to be the "server hang on overlong ClientHello" bug. Some
buggy servers cannot cope if the ClientHello is longer than 255 bytes.

I get a hang if I attempt to connect to the above site; however, if I pass
"-DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=100" to Configure it all works fine.
It also works fine if I use "-no_tls1_2" with s_client to disable TLS1.2
support, or if I set a custom (reduced length) cipher list.

Matt
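
The size check behind the diagnosis above, as an added example that is not part of the original thread or of OpenSSL's own code: it builds the ClientHello the local OpenSSL build would send, entirely in memory, and compares its length against the 255-byte figure for a default and a reduced cipher list. The host name `server.example`, the single-cipher list and the TLS 1.2 cap are assumptions made for illustration; actual lengths depend on the OpenSSL build.

```python
import ssl

LIMIT = 255  # size above which, per the reply, some buggy servers fail

def client_hello(ctx, host="server.example"):  # host is a constructed placeholder
    """Return the first TLS record ctx would send, with no network I/O."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is queued and no server reply exists
    return outgoing.read()

def hello_length(record):
    """Check the record framing; return the ClientHello handshake message length."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    record_len = int.from_bytes(record[3:5], "big")
    body_len = int.from_bytes(record[6:9], "big")
    if record_len != len(record) - 5 or body_len + 4 != record_len:
        raise ValueError("ClientHello is fragmented or truncated")
    return record_len  # 4-byte handshake header plus body

def default_context():
    ctx = ssl.create_default_context()
    # Clear OpenSSL's bug-workaround options so that any ClientHello padding
    # workaround does not mask the raw message size.
    ctx.options = int(ctx.options) & ~int(ssl.OP_ALL)
    return ctx

def reduced_context():
    # Assumption: one TLS 1.2 cipher stands in for a "reduced length" list.
    ctx = default_context()
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE-RSA-AES128-GCM-SHA256")
    return ctx

def report():
    sizes = {}
    for name, ctx in (("default", default_context()), ("reduced", reduced_context())):
        sizes[name] = hello_length(client_hello(ctx))
        print(f"{name:8} ClientHello {sizes[name]:5d} bytes, over {LIMIT}: {sizes[name] > LIMIT}")
    return sizes

if __name__ == "__main__":
    report()
```

If the default length is over the limit and the reduced one is not, a reset right after the ClientHello (as in the `write:errno=104` output above) is consistent with the length-sensitive server bug rather than a certificate problem.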

