Issue with openssl client and IIS Server


Subramanian Ramachandran

Hi,

I signed up with the openssl yesterday and the thread I posted yesterday with the issue given below is still pending on www.nabble.com. Hence I decided to just write another email to the above address.

My issue:

I am using openssl to connect to an IIS 6.0 server. I am just getting alphanumeric (%^$????...etc) characters as the received message for the first time. Why is this so? Subsequent messages are received correctly by the IIS server. I have tried my best to research the options I am setting and have carried out many tests, but with no success. I am using the following flow of commands to negotiate and connect with the IIS server before posting any data:

    SSL_library_init();
    SSL_load_error_strings();
    httpclient_SSL_CTX = SSL_CTX_new(SSLv3_client_method());
    ....
    ....
    /* set up SSL structures */
    SSL_CTX_sess_set_cache_size(httpclient_SSL_CTX, 20);
    SSL_CTX_set_session_cache_mode(httpclient_SSL_CTX,
                                   SSL_SESS_CACHE_CLIENT |
                                   SSL_SESS_CACHE_NO_AUTO_CLEAR);
    SSL_CTX_set_timeout(httpclient_SSL_CTX, SESSION_TIMEOUT);

    SSL_CTX_set_mode(httpclient_SSL_CTX, 0);

    /* set up which ciphers we are willing to use */
    /* CIPHER_LIST = "RC4-SHA:RC4-MD5:EXP-RC4-MD5" */
    err = SSL_CTX_set_cipher_list(httpclient_SSL_CTX, CIPHER_LIST);
    .....
    ......

    /* create new SSL connection */
    hc->SSL_conn = SSL_new(httpclient_SSL_CTX);
    ..........

    /* using SSL for client, not server */
    SSL_set_connect_state(hc->SSL_conn);
    ...........

    /* do not enable auto-retry mode for rehandshaking */
    SSL_set_mode(hc->SSL_conn, 0);
    ............

    /* connect SSL object to our socket */
    SSL_set_fd(hc->SSL_conn, hc->Sock);
    /* SESSION_TIMEOUT = 300 seconds */
    SSL_set_timeout(hc->SSL_conn->session, SESSION_TIMEOUT);

sslconnect:
    ERR_clear_error();

    /* negotiate SSL with server */
    err = SSL_connect(hc->SSL_conn);

I configured the initial socket as blocking so that SSL_connect only returns after the complete negotiation. My understanding is that SSL_connect should take care of all cert and key exchanges so that when I subsequently use the socket hc->SSL_conn.

Am I missing something here?

Thanks for your help in advance.

Subbu

Subramanian Ramachandran

Embedded Software Engineer
MWA Intelligence, Inc.
Managing Workforce and Assets
15990 N Greenway Hayden Loop
Suite 400
Scottsdale, AZ 85260
480.538.5614 Direct
480.299.3368 Cell
480.538.5995 Fax
[hidden email]

For more information, please visit www.mwaintel.com or contact our Customer Care Center at 888.703.2780.