Openssl handshake issues


Julie S. Lin

> Hi All,
>
> I've got a problem with flakey ssl connections on my courier mail
> server. I get memory errors with shared libraries stemming from a bad
> ssl handshake.
>
> here's the basic stats...redhat ES 4, with openssl-0.9.7a-43.8
> installed by rpm, and courier-0.43.2 w/ self signed cert
> on a machine with iptables/ipchains and SELinux disabled completely.
>
> and here's the absolutely baffling behavior ...  refuses to connect
> "sometimes" where I have to try
> a few times before it connects.  this is from the local machine,
> slink, that is the mail server..which means users going to ssl 993
> port from any mail reader experience problems. Can anyone tell me why
> this behavior would be occurring? Any hints or pointing in the right
> direction would be greatly appreciated.
>
> (see details below)
>
>
> [root@slink init.d]# openssl s_client -connect mail:993 -ssl3
> CONNECTED(00000003)
> 4725:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:
> [root@slink init.d]# openssl s_client -connect mail:993 -ssl3
> CONNECTED(00000003)
> 4727:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:
>
> [root@slink init.d]# openssl s_client -connect mail:993 -ssl3  *<----
> SUCCESSFUL CONNECTION FINALLY*
> CONNECTED(00000003)
> depth=0 /C=US/ST=NY/L=New York/O=Courier Mail
> Server/OU=Automatically-generated IMAP SSL
> key/CN=localhost/emailAddress=[hidden email]
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 /C=US/ST=NY/L=New York/O=Courier Mail
> Server/OU=Automatically-generated IMAP SSL
> key/CN=localhost/emailAddress=[hidden email]
> verify return:1
> ---
> Certificate chain
> 0 s:/C=US/ST=NY/L=New York/O=Courier Mail
> Server/OU=Automatically-generated IMAP SSL
> key/CN=localhost/emailAddress=[hidden email]
>   i:/C=US/ST=NY/L=New York/O=Courier Mail
> Server/OU=Automatically-generated IMAP SSL
> key/CN=localhost/emailAddress=[hidden email]
> ---
> Server certificate
> subject=/C=US/ST=NY/L=New York/O=Courier Mail
> Server/OU=Automatically-generated IMAP SSL
> key/CN=localhost/emailAddress=[hidden email]
> issuer=/C=US/ST=NY/L=New York/O=Courier Mail
> Server/OU=Automatically-generated IMAP SSL
> key/CN=localhost/emailAddress=[hidden email]
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 941 bytes and written 312 bytes
> ---
> New, TLSv1/SSLv3, Cipher is AES256-SHA
> Server public key is 1024 bit
> SSL-Session:
>    Protocol  : SSLv3
>    Cipher    : AES256-SHA
>    Session-ID:
> 8C04BB85DD7EF09B11EDDD682544AD6A2698B0C305BD3EB41389A27FB1BC9ED2
>    Session-ID-ctx:
>    Master-Key:
> CF5E1D02075AC5330228D4F9DE1B566A2E112B3380CB4F97B03B2ED7A0AF0831
> D7BE70A2C9C664907DEE6480C559B00A
>    Key-Arg   : None
>    Krb5 Principal: None
>    Start Time: 1142970746
>    Timeout   : 7200 (sec)
>    Verify return code: 18 (self signed certificate)
> ---
> * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE
> THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA IDLE AUTH=PLAIN
> ACL ACL2=UNION XMAGICTRASH] Courier-IMAP ready. Copyright 1998-2005
> Double Precision, Inc.  See COPYING for distribution information.
>
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]