a problem connecting to a specific Site ...

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

a problem connecting to a specific Site ...

Walter H.
Hello,

when I try to connect to https://www.3bg.at/
I get the following error

Handshake with SSL server failed: error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message

but
https://www.ssllabs.com/ssltest/analyze.html?d=www.3bg.at
says its ok ...

is the problem on my side or on their side?

Thanks,
Walter


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: a problem connecting to a specific Site ...

Matt Caswell-2


On 02/11/2018 21:51, Walter H. wrote:

> Hello,
>
> when I try to connect to https://www.3bg.at/
> I get the following error
>
> Handshake with SSL server failed: error:1408E0F4:SSL
> routines:SSL3_GET_MESSAGE:unexpected message
>
> but
> https://www.ssllabs.com/ssltest/analyze.html?d=www.3bg.at
> says its ok ...
>
> is the problem on my side or on their side?

You'll need to give us more information. I can connect to that server
using OpenSSL 1.0.2 s_client.

What version of OpenSSL are you using? Is this with your own application
or from s_client? What ciphersuites have you configured? Any other
relevant configuration that we should know about?

Matt
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|

Re: a problem connecting to a specific Site ...

Walter H.
Hello,

it is a little bitte weird/strange/complicated;

On 02.11.2018 23:05, Matt Caswell wrote:

On 02/11/2018 21:51, Walter H. wrote:
Hello,

when I try to connect to https://www.3bg.at/
I get the following error

Handshake with SSL server failed: error:1408E0F4:SSL
routines:SSL3_GET_MESSAGE:unexpected message

but
https://www.ssllabs.com/ssltest/analyze.html?d=www.3bg.at
says its ok ...

is the problem on my side or on their side?
You'll need to give us more information. I can connect to that server
using OpenSSL 1.0.2 s_client.

What version of OpenSSL are you using? Is this with your own application
or from s_client? What ciphersuites have you configured? Any other
relevant configuration that we should know about?


the mentioned error comes with squid - ssl-bump on;
in case I switch it off and have it as normal proxy, then is really suspisious:
- an old Firefox (17.0.11esr) has no problems, the Sites is shown and works

- an older Google Chrome (the last one f. WinXP, v46) gives:
                      SSL connection error
                      ERR_SSL_PROTOCOL_ERROR

- a fork of the latest Pale Moon (Mypal) and an old Palemoon itself (the last one f. WinXP) gives:
                    An error occurred during a connection to www.3bg.at.
                    Peer’s certificate has an invalid signature.
                    (Error code: SEC_ERROR_BAD_SIGNATURE)

what is this strange?

but what does this mean at the mentioned SSLlabs result:

Certificate Transparency   No

when I compare to any other site (e.g. my own with Let's encrypt certificate),
I get

Certificate Transparency   Yes (certificate)

is this caused on my side or on the other side?

Thanks,
Walter

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: a problem connecting to a specific Site ...

OpenSSL - User mailing list
On 03/11/2018 08:56, Walter H. wrote:

> Hello,
>
> it is a little bitte weird/strange/complicated;
>
> On 02.11.2018 23:05, Matt Caswell wrote:
>> On 02/11/2018 21:51, Walter H. wrote:
>>> Hello,
>>>
>>> when I try to connect tohttps://www.3bg.at/
>>> I get the following error
>>>
>>> Handshake with SSL server failed: error:1408E0F4:SSL
>>> routines:SSL3_GET_MESSAGE:unexpected message
>>>
>>> but
>>> https://www.ssllabs.com/ssltest/analyze.html?d=www.3bg.at
>>> says its ok ...
>>>
>>> is the problem on my side or on their side?
>> You'll need to give us more information. I can connect to that server
>> using OpenSSL 1.0.2 s_client.
>>
>> What version of OpenSSL are you using? Is this with your own application
>> or from s_client? What ciphersuites have you configured? Any other
>> relevant configuration that we should know about?
>>
>>
> the mentioned error comes with squid - ssl-bump on;
> in case I switch it off and have it as normal proxy, then is really
> suspisious:
> - an old Firefox (17.0.11esr) has no problems, the Sites is shown and
> works
>
> - an older Google Chrome (the last one f. WinXP, v46) gives:
>                       SSL connection error
>                       ERR_SSL_PROTOCOL_ERROR
>
> - a fork of the latest Pale Moon (Mypal) and an old Palemoon itself
> (the last one f. WinXP) gives:
>                     An error occurred during a connection to www.3bg.at.
>                     Peer’s certificate has an invalid signature.
>                     (Error code: SEC_ERROR_BAD_SIGNATURE)
>
> what is this strange?
>
> but what does this mean at the mentioned SSLlabs result:
>
> Certificate Transparency No
>
> when I compare to any other site (e.g. my own with Let's encrypt
> certificate),
> I get
>
> Certificate Transparency *Yes (certificate)*
>
> is this caused on my side or on the other side?
>
>
Certificate Transparency means that the CA that issued the certificate
also published it using a Google-promoted protocol to provide
"Transparency" for the certificate issuing industry, at the cost of
customer privacy.

Chrome Browser now (or soon) punishes websites that whose certificate
was not published that way, making it a relevant test for web server
operators wanting to check that everything will work in all browsers.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users