--0-888584540-1200584942=:45389
Content-Type: text/plain; charset=us-ascii

Thanks a ton. After setting ciphers to aNULL, my program worked.

Thanks again.

----- Original Message ----
From: "Marek.Marcola@malkom.pl"
To: openssl-users@openssl.org
Sent: Thursday, January 17, 2008 8:47:01 PM
Subject: Re: Got error on TLSv1 handshake when server is not sending its certificate to client


Hello,
> I have a written a simple client-server program in which I am trying

to
communicate
> between client and server using SSL by setting peer authentication

OFF
on both sides.
>
> When I don't set any certificates on server side, I am getting this

error s3_srvr.c
> (985): 41153: no shared cipher
>
> If I set certificate on server side, it is working fine.
>
> I have read TLSv1 RFC2246, in 7.3 section, they have given server

sending its
> certificate is optional.
>
> So, is it a restriction/limitation on openssl side? OR Am I doing any


mistake?. I tried
> look for the similar problems in openssl mail archive, but could not

find any.
This is because anonymous ciphers are disabled by default.
You may test this with:
$ openssl s_server -nocert
$ openssl s_client
this will give you no shared cipher.
But if you enable anonymous ciphers:
$ openssl s_server -nocert -cipher aNULL
$ openssl s_client -cipher aNULL
connection will be established properly.
Of course commands:
$ openssl s_server -nocert -cipher ALL
$ openssl s_client -cipher ALL
works too.

Best regards,
--
Marek Marcola

__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org






__________________________________________________ __________________________________
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i...Dypao8Wcj9tAcJ

--0-888584540-1200584942=:45389
Content-Type: text/html; charset=us-ascii

Thanks a ton. After setting ciphers to aNULL, my program worked.

Thanks again.

----- Original Message ----
From: "Marek.Marcola@malkom.pl" <Marek.Marcola@malkom.pl>
To: openssl-users@openssl.org
Sent: Thursday, January 17, 2008 8:47:01 PM
Subject: Re: Got error on TLSv1 handshake when server is not sending its certificate to client


Hello,
> I have a written a simple client-server program in which I am trying
to
communicate
> between client and server using SSL by setting peer authentication
OFF
on both sides.
>
> When I don't set any certificates on server side, I am getting this
error s3_srvr.c
> (985): 41153: no shared cipher
>
> If I set certificate on server side, it is working fine.
>
> I have read TLSv1 RFC2246, in 7.3 section, they have given server
sending its
> certificate is optional.
>
> So, is it a restriction/limitation on openssl side? OR Am I doing any

mistake?. I tried
> look for the similar problems in openssl mail archive, but could not
find any.
This is because anonymous ciphers are disabled by default.
You may test this with:
$ openssl s_server -nocert
$ openssl s_client
this will give you no shared cipher.
But if you enable anonymous ciphers:
$ openssl s_server -nocert -cipher aNULL
$ openssl s_client -cipher aNULL
connection will be established properly.
Of course commands:
$ openssl s_server -nocert -cipher ALL
$ openssl s_client -cipher ALL
works too.

Best regards,
--
Marek Marcola <Marek.Marcola@malkom.pl>

__________________________________________________ ____________________
OpenSSL Project                                href="http://www.openssl.org" target="_blank">http://www.openssl.org
User Support Mailing List                    penssl-users@openssl.org" href="mailtopenssl-users@openssl.org">openssl-users@openssl.org
Automated List Manager                          majordomo@openssl.org




Looking for last minute shopping deals?
Find them fast with Yahoo! Search.

--0-888584540-1200584942=:45389--
__________________________________________________ ____________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majordomo@openssl.org