5

I need to configure a connection to a server via the SSL protocol. I got 2 files from the server owners: a CA root certificate (ca.pem) and a test certificate request (test.csr file).

I am trying to test the connection via the openssl s_connect utility and I get a strange result (xxx - masked values):

openssl s_client -connect MYURL -CAfile ca.pem
CONNECTED(00000003)
xxx verify return:1
xxx verify return:1
3074332296:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1193:SSL alert number 40
3074332296:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:

But after the handshake alert and the printed certificate data, I see:

SSL handshake has read yyy bytes and written yyy bytes
New, xxx, Cipher is xxx
Server public key is xxx bit
Compression: xxx
Expansion: xxx
SSL-Session:
    Protocol  : xxx
    Cipher    : xxx
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: xxx
    Key-Arg   : xxx
    PSK identity: xxx
    PSK identity hint: xxx
    Compression: xxx
    Start Time: xxx
    Timeout   : xxx (sec)
    Verify return code: 0 (ok)

What does it mean that the verify return code is 0 (ok)? How is it possible if a handshake error/alert occurred?

Reddy

1 Answer

4

You are receiving a handshake failure alert from the server, which means that some other error is occurring; it is not the certificate validation that fails. You should look at the server side logs for clues about what has failed.

Nasko
    Check that the supported ciphers that the server enforces are matching what the client is trying to connect with. You can get this error if you try to connect with a cipher that the web server config does not support - this could be caused by the underlying server side openssl distribution for example – David Kierans Sep 06 '12 at 01:20
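
An added example (not from the question or the answers): a small parser that separates the two things the `s_client` output reports, the client's own verification of the server chain (`Verify return code`) and the alert the server sent (`SSL alert number 40`). The sample output is constructed from the lines in the question; `triage` and `summarize` are hypothetical helper names.

```python
import re

# Constructed sample modelled on the s_client output in the question (xxx = masked).
SAMPLE = """\
CONNECTED(00000003)
xxx verify return:1
xxx verify return:1
3074332296:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1193:SSL alert number 40
3074332296:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
    Verify return code: 0 (ok)
"""

# TLS alert descriptions (RFC 5246, section 7.2) that commonly end a handshake.
ALERTS = {40: "handshake_failure", 42: "bad_certificate", 46: "certificate_unknown",
          48: "unknown_ca", 70: "protocol_version", 71: "insufficient_security"}

# OpenSSL error-queue line: pid:error:code:library:function:reason:file:line:extra
ERR_RE = re.compile(r"^\d+:error:[0-9A-F]{8}:[^:]*:([^:]*):([^:]*):[^:]*:\d+:(.*)$")
ALERT_RE = re.compile(r"SSL alert number (\d+)")
VERIFY_RE = re.compile(r"Verify return code:\s*(\d+)\s*\((.*)\)")

def triage(output):
    """Split s_client output into the local verify result and alerts read from the peer."""
    result = {"verify_code": None, "verify_text": None, "peer_alerts": [], "errors": []}
    for line in output.splitlines():
        m = ERR_RE.match(line.strip())
        if m:
            func, reason, extra = m.groups()
            result["errors"].append((func, reason))
            a = ALERT_RE.search(extra)
            # *_READ_BYTES is where OpenSSL reports an alert record it read from the peer.
            if a and func.lower().endswith("read_bytes"):
                n = int(a.group(1))
                result["peer_alerts"].append((n, ALERTS.get(n, "unknown")))
            continue
        v = VERIFY_RE.search(line)
        if v:
            result["verify_code"], result["verify_text"] = int(v.group(1)), v.group(2)
    return result

def summarize(r):
    """One-line verdict: chain verification and peer alerts are reported independently."""
    if r["verify_code"] != 0:
        return f"local chain verification failed: {r['verify_text']}"
    if r["peer_alerts"]:
        names = ", ".join(f"{n} ({name})" for n, name in r["peer_alerts"])
        return f"server chain verified locally; server aborted with alert {names}"
    return "server chain verified locally; no alert received"

if __name__ == "__main__":
    print(summarize(triage(SAMPLE)))
```
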