SSL_connect:error in SSLv3/TLS write client hello → write:errno=0

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

SSL_connect:error in SSLv3/TLS write client hello → write:errno=0

Harri T.
Hi!

I'm trying to get LDAP STARTTLS working. What does "SSL_connect:error in SSLv3/TLS write client hello → write:errno=0" mean?

Harri

root@ldap2:~# echo | openssl s_client -connect ldap2.mydomain.com:389 -showcerts -state -CAfile /etc/ssl/certs/ldap2_cacert.pem
CONNECTED(00000003)
SSL_connect:before SSL initialization
SSL_connect:SSLv3/TLS write client hello
SSL_connect:error in SSLv3/TLS write client hello
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 176 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1555084061
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
Reply | Threaded
Open this post in threaded view
|

Re: SSL_connect:error in SSLv3/TLS write client hello → write:errno=0

Harri T.
Hi all,

The problem was an expired self-generated CA certificate. Now everything
works fine.

Br,

Harri

On 12.04.2019 20:20, Harri T. wrote:

> Hi!
>
> I'm trying to get LDAP STARTTLS working. What does "SSL_connect:error in SSLv3/TLS write client hello → write:errno=0" mean?
>
> Harri
>
> root@ldap2:~# echo | openssl s_client -connect ldap2.mydomain.com:389 -showcerts -state -CAfile /etc/ssl/certs/ldap2_cacert.pem
> CONNECTED(00000003)
> SSL_connect:before SSL initialization
> SSL_connect:SSLv3/TLS write client hello
> SSL_connect:error in SSLv3/TLS write client hello
> write:errno=0
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 176 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>      Protocol  : TLSv1.2
>      Cipher    : 0000
>      Session-ID:
>      Session-ID-ctx:
>      Master-Key:
>      PSK identity: None
>      PSK identity hint: None
>      SRP username: None
>      Start Time: 1555084061
>      Timeout   : 7200 (sec)
>      Verify return code: 0 (ok)
>      Extended master secret: no
>