On 1 July 2016 at 15:39, Matt Caswell <matt at openssl.org> wrote: > > > On 01/07/16 14:29, pepone.onrez wrote: >> Hi, >> >> After upgrade my software to use OpenSSL-1.1 one of the test is >> failing, the test in question client and server are configured to use >> DSA certificates. The server is configured to request a client >> certificate. >> >> SSL error occurred for new outgoing connection: >> remote address = 127.0.0.1:47812 >> error # = 336151568 >> message = error:14094410:SSL routines:ssl3_read_bytes:reason(1040) >> location = ssl/record/rec_layer_s3.c, 1467 >> data = SSL alert number 40 > > Is this the error you get on the server or the client? The above > indicates the connection was aborted because a HandshakeFailure alert > was received from the peer. Therefore you need to look at the other end > of the communication and see if there is some error message that > indicates why the alert was sent. > > Matt That was on the client, looking at the server I see it reports there is no shared cipher SSL error occurred for new incoming connection: remote address = 127.0.0.1:36951 error # = 337092801 message = error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher I have try to enable all ciphers with ALL:@SECLEVEL=0, but still get the same error, it is not clear why server client don't find a common cipher here. Regards, Jos? > > > > >> >> When using OpenSSL 1.0.1 the connection success >> >> cipher = DHE-DSS-AES256-GCM-SHA384 >> bits = 256 >> remote address = 127.0.0.1:43629 >> protocol = TLSv1.2 >> >> >> I try to set security level to 0 for 1.1 but that doesn't make any >> difference here, any ideas what could be the issue? >> > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
