Hello,
in 1.2.0 the requirement of client certificate as well as verification of sever and client certificate are set on by default. Maybe you had them off in the old version. See the tls manual to change the values of those parameters.
http://www.openser.org/docs/tls.html#AEN293
Cheers, Daniel
On 02/02/07 14:44, mika.saari@wipsl.com wrote:
Hi again,
My openssl is openssl-0.9.8c-4, and SNOM 360 firmware is latest 6.5.2. I also found that somebody had problems with certificate bit size (2048/512), so generated totally new 1024 CA and 1024 certificate request, but still no luck with SNOM. ssldump seems like this:
Thanks for any hints / tips, -Mika
-- clip -- 1 1 0.0710 (0.0710) C>S Handshake ClientHello Version 3.1 cipher suites TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_NULL_MD5 TLS_RSA_WITH_NULL_SHA TLS_DH_anon_WITH_3DES_EDE_CBC_SHA TLS_DH_anon_WITH_RC4_128_MD5 TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC4_56_SHA TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA TLS_DH_anon_WITH_DES_CBC_SHA compression methods NULL 1 2 0.0780 (0.0069) S>C Handshake ServerHello Version 3.1 session_id[32]= 0e 74 fa c8 ed 22 e1 8b 0c ad aa ce f0 70 a0 a9 d6 5c d1 23 14 06 fc 37 9b 2d 7c 89 73 1c 0b 80 cipherSuite TLS_RSA_WITH_RC4_128_SHA compressionMethod NULL 1 3 0.0780 (0.0000) S>C Handshake Certificate 1 4 0.0780 (0.0000) S>C Handshake CertificateRequest certificate_types rsa_sign certificate_types dss_sign certificate_types unknown value ServerHelloDone 1 5 0.3278 (0.2498) C>S Handshake Certificate 1 6 0.3278 (0.0000) C>S Handshake ClientKeyExchange 1 7 0.3278 (0.0000) C>S ChangeCipherSpec 1 8 0.3278 (0.0000) C>S Handshake 1 9 0.3280 (0.0002) S>C Alert level fatal value handshake_failure 1 0.3284 (0.0003) S>C TCP RST -- clip --
Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users