Longhorn client vs openssl s_server failing
Hello,
I have a .NET SSL client on Windows 2008 set to negotiate SSL/TLS
trying to talk to openssl s_server (0.9.8-stable-SNAP-20080328)
> openssl s_server -cert ~/User1-SC.VC.11 -ssl3 -bugs -state -debug -www
And I can't get the handshake to succeed. When the s_server is set to
-tls1, then it works, but I need it to succeed for both TLS and SSL
only servers on 2008.
Client throws an exception saying: "The client and server cannot
communicate because they do not possess a common algorithm". Wireshark
shows that Client Hello, Server Hello (SSLv3) and Certificate+Server
Hello Done (SSLv3) have been sent before the connection closed. Server
selected ciphersuite is TLS_RSA_WITH_AES
This problem also doesn't occur when the client runs on older Windows
(XP).
Has anyone come across a similar problem? The one difference between
clients running XP and 2008 I noticed was that the 2008 sends TLS
extensions in the Client Hello message. Might this be the cause of
failure?
Many Thanks,
Przemek
Re: Longhorn client vs openssl s_server failing
If anyone is interested - the cause is an OpenSSL bug which allows the
SSL-only server to select an AES ciphersuite.
AES is only allowed over TLS.
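
An added example, not part of the original thread: a Python check that reads the raw ServerHello record from a capture such as the Wireshark trace described above and reports whether the server negotiated SSLv3 together with an AES suite, the combination the reply names as the cause. The function names and the sample record builder are constructed for illustration; the AES code points 0x002F through 0x003A are those assigned in RFC 3268.

```python
import struct

# AES suites assigned in RFC 3268 occupy code points 0x002F..0x003A.
AES_RFC3268 = range(0x002F, 0x003B)
SSL3 = (3, 0)

def parse_server_hello(record: bytes) -> dict:
    """Extract version, cipher suite and compression from a record whose
    first handshake message is a ServerHello (others may follow it)."""
    if len(record) < 5:
        raise ValueError("short record header")
    ctype, _rmaj, _rmin, rlen = struct.unpack("!BBBH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = record[5:5 + rlen]
    if len(body) < rlen or len(body) < 4 or body[0] != 0x02:
        raise ValueError("truncated record or not a ServerHello")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    # Fixed prefix: server_version(2) + random(32) + session_id length(1)
    if len(hello) < hlen or len(hello) < 35:
        raise ValueError("truncated ServerHello")
    off = 35 + hello[34]              # skip the variable-length session id
    if len(hello) < off + 3:
        raise ValueError("truncated ServerHello")
    return {
        "version": (hello[0], hello[1]),
        "suite": int.from_bytes(hello[off:off + 2], "big"),
        "compression": hello[off + 2],
    }

def ssl3_with_aes(record: bytes) -> bool:
    """True when the ServerHello picks an RFC 3268 AES suite under SSL 3.0."""
    info = parse_server_hello(record)
    return info["version"] == SSL3 and info["suite"] in AES_RFC3268

def build_sample(version, suite, sid=b""):
    """Constructed record (zero random, chosen session id); not a real capture."""
    hello = (bytes(version) + bytes(32) + bytes([len(sid)]) + sid
             + suite.to_bytes(2, "big") + b"\x00")
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(version) + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    for ver, suite in [((3, 0), 0x002F), ((3, 1), 0x002F), ((3, 0), 0x000A)]:
        rec = build_sample(ver, suite, sid=bytes(32))
        print(ver, hex(suite), "SSLv3+AES" if ssl3_with_aes(rec) else "ok")
```

To use it on a real trace, export the bytes of the server's first handshake record and pass them to `ssl3_with_aes`.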