s_server configuration

[Steven Madwin via openssl-users <openssl-users@xxxxxxxxxxx>]

Hi All,

 

I’m trying to get an OCSP server operating in an SSL (really TLS1.2) environment. It works fine in the HTTP world, but I’m having issues with getting s_server to handle the communication in the Secure HTTPS world.

 

If anyone has any suggestions to get the connection to persist I’d be VERY appreciative!

 

This is what I’m seeing:

 

--- Using OpenSSL v1.1.1c to enable TLS on Port 8902 ---

 

C:\OpenSSL-Win64\bin>openssl  s_server -port 8902 -4 -certform PEM -cert "C:\OpenSSL-Win64\bin\PEM\test.cer" -cert_chain C:\OpenSSL-Win64\bin\PEM\DigiCertTrustChain.cer -keyform PEM -pass pass:password -key "C:\OpenSSL-Win64\bin\PEM\test_key.pem"  -status_verbose

 

Using default temp DH parameters

ACCEPT

 

cert_status: callback called

cert_status: AIA URL: http://ocsp.digicert.com

cert_status: Can't retrieve issuer certificate.

-----BEGIN SSL SESSION PARAMETERS-----

MFoCAQECAgMDBALAMAQABDBt6uS6sCfohxxHvmv7hPIXRbjKzDqNJqoCpymZR1qc

CpGHf1mBjQ5/B32R7/aXl8mhBgIEXS0L6KIEAgIcIKQGBAQBAAAArQMCAQE=

-----END SSL SESSION PARAMETERS-----

Shared ciphers:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA

Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512

Shared Signature Algorithms: RSA+SHA256:RSA+SHA384:RSA+SHA1:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA1:DSA+SHA1:RSA+SHA512:ECDSA+SHA512

Supported Elliptic Curve Point Formats: uncompressed

Supported Elliptic Groups: X25519:P-256:P-384

Shared Elliptic groups: X25519:P-256:P-384

---

No server certificate CA names sent

CIPHER is ECDHE-RSA-AES256-GCM-SHA384

Secure Renegotiation IS supported

POST / HTTP/1.1

Accept: */*

Content-Type: application/ocsp-request

Content-Length: 143

Character-Encoding: binary

User-Agent: PPKHandler

Host: gemma.adobe.com:8902

Connection: Keep-Alive

Cache-Control: no-cache

Cookie: AAMC_adobe_0=REGION%7C9; s_nr=1562971576381-Repeat; adcloud={%22_les_v%22:%22y%2Cadobe.com%2C1564005807%22}; AMCV_9E1005A551ED61CA0A490D45%40AdobeOrg=-1303530583%7CMCAID%7C2D05BCDE05032D0E-40001185A003F0F0%7CMCMID%7C06088709957453939181689303953590820094%7CMCAAMLH-1563576332%7C9%7CMCAAMB-1563576332%7Cj8Odv6LonN4r3an7LhD3WZrU1bUpAkFkkiY1ncBR96t2PTI%7CMCOPTOUT-1562978727s%7CNONE%7CvVersion%7C3.3.0%7CMCIDTS%7C18072%7CMCSYNCSOP%7C411-18079%7CMCCIDH%7C1521286796; mbox=PC#ddd404f9c1d0418ba9692aaf983e9e03.28_36#1626216329|session#7b3f3fbfb1504526acdb639358290766#1562973437; s_vi=[CS]v1|2D05BCDE05032D0E-40001185A003F0F0[CE]; _fbp=fb.1.1561413807767.1078876052

 

0
     +00­     +0[1]

---



---

ƒ°â█g┘⌐├Z<₧é╚ @ERROR

shutting down SSL

CONNECTION CLOSED

 

 

Steven Madwin Software PKI Engineer Adobe Inc. 345 Park Avenue, MS-W15 San Jose, CA 95110-2704 USA Phone:   408.536.4343 Fax:         408.536.6024 Steven.Madwin@xxxxxxxxx

 

 

Attachment: smime.p7s
Description: S/MIME cryptographic signature