[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]
John Stoffel john@stoffel.org
Tue, 25 Jul 2017 21:43:08 GMT
Chris> I've been trying to get conserver to work with OpenSSL 1.1, as this will Chris> soon be the only version available in Debian Linux: Chris> https://bugs.debian.org/851085 Awesome news! Chris> The attached patch fixes a few trivial compile errors caused by API Chris> changes. With the attached patch applied, the code builds against Chris> Debian sid's libssl-dev (1.1). However, the server rejects all Chris> connections with a "handshake error", and a pretty generic error Chris> message that just means something is wrong with ciphers, certificates, Chris> or something like that. This causes all the tests to fail. The code Chris> doesn't even reach the place the patch changes, so it's unlikely to be Chris> the cause. I wonder if the issue is that it looks like you're trying to use sslv3, but I bet you need to change to using TLSv1 or v2 instead, since ssl2 and ssl3 are deprecated now. Can you post your patches? Or a link to a git repo I could pull and glance over? But I warn you all, I'm not a strong C hacker at all... Chris> Has anyone made any further progress? Does anyone know what the problem Chris> is? Chris> Any help greatly appreciated. Chris> Chris. Chris> --- Chris> The errors are: Chris> 140691693188864:error:14094410:SSL routines:ssl3_read_bytes:sslv3 Chris> alert handshake failure:../ssl/record/rec_layer_s3.c:1399:SSL alert number 40 Chris> error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher Chris> [DELETED ATTACHMENT conserver-ssl11.patch, text/x-diff] Chris> _______________________________________________ Chris> users mailing list Chris> users@conserver.com Chris> https://www.conserver.com/mailman/listinfo/users