On 31/08/16 17:42, Kjetil Birkeland Moe wrote: > Dear all, > I have turned to /s_time/ to evaluate the performance of a local Nginx > server setup, but seems to immediately run into problems that do not > appear when using /s_client/. > > Server setup is largely based on recommendations from bettercrypto.org, > which also demonstrate the same problems with their setup as I currently > do: "openssl s_time -connect bettercrypto.org:443 -cipher > AES128-GCM-SHA256 -time 2" returns > > * "140373676381952:error:14094410:SSL routines:ssl3_read_bytes:sslv3 > alert handshake failure:ssl/record/rec_layer_s3.c:1362:SSL alert > number 40" in OpenSSL 1.1.0 > * "140416684930936:error:14077410:SSL > routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake > failure:s23_clnt.c:769:" in version 1.0.2h. You say you don't get this problem with s_client. I just tried: openssl s_client -connect bettercrypto.org:443 -cipher AES128-GCM-SHA256 And got exactly the same error message as above. I also tried all the ciphersuites below that you list as problematic, and got the same error with s_client. So, what exactly is your command line that works with s_client? Matt
