5 Feb
2007
5 Feb
'07
12:03 p.m.
Hello,
in 1.2.0 the requirement of client certificate as well as verification
of sever and client certificate are set on by default. Maybe you had
them off in the old version. See the tls manual to change the values of
those parameters.
http://www.openser.org/docs/tls.html#AEN293
Cheers,
Daniel
On 02/02/07 14:44, mika.saari(a)wipsl.com wrote:
Hi again,
My openssl is openssl-0.9.8c-4, and SNOM 360 firmware is latest 6.5.2. I
also found that somebody had problems with certificate bit size
(2048/512), so generated totally new 1024 CA and 1024 certificate
request, but still no luck with SNOM. ssldump seems like this:
Thanks for any hints / tips,
-Mika
-- clip --
1 1 0.0710 (0.0710) C>S Handshake
ClientHello
Version 3.1
cipher suites
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_NULL_MD5
TLS_RSA_WITH_NULL_SHA
TLS_DH_anon_WITH_3DES_EDE_CBC_SHA
TLS_DH_anon_WITH_RC4_128_MD5
TLS_RSA_WITH_DES_CBC_SHA
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_DH_anon_WITH_DES_CBC_SHA
compression methods
NULL
1 2 0.0780 (0.0069) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
0e 74 fa c8 ed 22 e1 8b 0c ad aa ce f0 70 a0 a9
d6 5c d1 23 14 06 fc 37 9b 2d 7c 89 73 1c 0b 80
cipherSuite TLS_RSA_WITH_RC4_128_SHA
compressionMethod NULL
1 3 0.0780 (0.0000) S>C Handshake
Certificate
1 4 0.0780 (0.0000) S>C Handshake
CertificateRequest
certificate_types rsa_sign
certificate_types dss_sign
certificate_types unknown value
ServerHelloDone
1 5 0.3278 (0.2498) C>S Handshake
Certificate
1 6 0.3278 (0.0000) C>S Handshake
ClientKeyExchange
1 7 0.3278 (0.0000) C>S ChangeCipherSpec
1 8 0.3278 (0.0000) C>S Handshake
1 9 0.3280 (0.0002) S>C Alert
level fatal
value handshake_failure
1 0.3284 (0.0003) S>C TCP RST
-- clip --
_______________________________________________
Users mailing list
Users(a)openser.org
http://openser.org/cgi-bin/mailman/listinfo/users