Dear all,
I have turned to /s_time/ to evaluate the performance of a local Nginx
server setup, but seems to immediately run into problems that do not
appear when using /s_client/.
Server setup is largely based on recommendations from bettercrypto.org,
which also demonstrate the same problems with their setup as I currently
do: "openssl s_time -connect bettercrypto.org:443 -cipher
AES128-GCM-SHA256 -time 2" returns
* "140373676381952:error:14094410:SSL routines:ssl3_read_bytes:sslv3
alert handshake failure:ssl/record/rec_layer_s3.c:1362:SSL alert
number 40" in OpenSSL 1.1.0
* "140416684930936:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:769:" in version 1.0.2h.
This problem has been found when running from Fedora 24, and also with
other ciphers than just the one mentioned above, as
ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA, AES256-SHA, but
not with AES128-SHA.
(Looking at the error message, there seems to be ssl3 involved. Though I
believe that only TLS connections are allowed on the servers mentioned.)
I am greatful for insight that would make it possible to use /s_time/
properly.
best regards,
Kjetil Birkeland Moe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20160831/b748c9d2/attachment.html>
