[CalendarServer-users] SSL problems with 2.3 and trunk under Debian

Cyrus Daboo cdaboo at apple.com
Tue Jan 5 08:14:41 PST 2010


Hi Mark,

--On January 5, 2010 10:11:43 AM -0600 Mark Nipper <nipsy at bitgnome.net> 
wrote:

>> Try using the openssl command line tool from a shell to connect to
>> your server. That can print out lots of useful debugging information:
>>
>> > openssl s_client -connect host.example.com:8443 -debug
>
> 	Like I said, it's not getting very far in the
> conversation:
> ---
> CONNECTED(00000003)
> write to 0x1a0a0d0 [0x1a0b740] (118 bytes => 118 (0x76))
> 0000 - 80 74 01 03 01 00 4b 00-00 00 20 00 00 39 00 00   .t....K... ..9..
> 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
> 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 05 00   ..3..2../.......
> 0030 - 00 04 01 00 80 00 00 15-00 00 12 00 00 09 06 00   ................
> 0040 - 40 00 00 14 00 00 11 00-00 08 00 00 06 04 00 80   @...............
> 0050 - 00 00 03 02 00 80 9e 32-f3 6f ad 39 54 50 e4 83   .......2.o.9TP..
> 0060 - bd e3 a7 df 2f a3 84 ac-90 5f ca 48 a1 71 e6 d7   ..../...._.H.q..
> 0070 - 95 87 f2 e2 f1 29                                 .....)
> read from 0x1a0a0d0 [0x1a10ca0] (7 bytes => 0 (0x0))
> 26527:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:
> ---
>
>> Also note that the server is explicitly set to use SSLv3_METHOD
>> protocol rather than SSLv23_METHOD. It may be your client cannot cope
>> with that, in which case you will need to adjust the value in the
>> caldavd.plist (or update the client).
>
> 	Well, given the above, I don't think we're getting that
> far.

So openssl was trying the v23 handshake and failing because the server only 
does v3. Try this:

> openssl s_client -connect host.example.com:8443 -debug -ssl3

-- 
Cyrus Daboo
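
An added example, not part of the original message: it decodes the first 11 bytes of the 118-byte client write in the quoted `-debug` dump and shows they form an SSLv2-format (v23 compatibility) hello rather than an SSLv3 record. The names `classify_hello`, `DUMP_PREFIX` and `SSL3_RECORD` are hypothetical, and the SSLv3 record bytes are constructed for comparison.

```python
import struct

# First 11 bytes of the client write shown in the quoted -debug dump.
DUMP_PREFIX = bytes.fromhex("8074010301004b00000020")
# Constructed sample: start of an SSLv3 handshake record (type 22, version 3.0).
SSL3_RECORD = bytes.fromhex("160300004f01")


def classify_hello(data: bytes) -> dict:
    """Classify the first bytes a client sent as an SSLv2-format or SSLv3/TLS hello."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    # SSLv2 header: high bit set, low 15 bits are the length; byte 2 is msg type 1.
    if data[0] & 0x80 and data[2] == 0x01:
        if len(data) < 11:
            raise ValueError("need 11 bytes to decode an SSLv2-format hello")
        body_len = ((data[0] & 0x7F) << 8) | data[1]
        major, minor, cs_len, sid_len, ch_len = struct.unpack(">BBHHH", data[3:11])
        return {
            "format": "sslv2-compatible hello",
            "offered_version": (major, minor),   # highest version the client offers
            "wire_bytes": body_len + 2,          # body plus the 2-byte header
            "cipher_specs": cs_len // 3,         # v2 cipher specs are 3 bytes each
            "session_id_len": sid_len,
            "challenge_len": ch_len,
            # 9 = msg type (1) + version (2) + three 2-byte length fields (6)
            "consistent": body_len == 9 + cs_len + sid_len + ch_len,
        }
    # SSLv3/TLS record: content type 22 (handshake), version, 2-byte length.
    if data[0] == 0x16 and data[1] == 0x03:
        return {
            "format": "sslv3/tls record",
            "offered_version": (data[1], data[2]),
            "record_length": struct.unpack(">H", data[3:5])[0],
        }
    return {"format": "unknown"}


if __name__ == "__main__":
    for name, sample in (("dump", DUMP_PREFIX), ("ssl3", SSL3_RECORD)):
        print(name, classify_hello(sample))
```

The decoded length (118 bytes on the wire) matches the `118 bytes => 118` line in the dump, which is a quick check that the header was read correctly.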


