[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: SSL, certs, and conserver (fix included)

Chris Ross cross+conserver@distal.com
Tue, 4 Oct 2005 13:17:47 -0700 (PDT)

  I'm having a problem with getting conserver (8.1.12) working
with an SSL connection.  I presume 8.1.12 doesn't need the
patch that you posted to the list, as it's release date is
after the date of this email.  :-)

Bryan Stansell wrote:
here's a description of how things are coded to work (once you apply the

- neither side uses -c

    the ssl bits are allowed to use an unauthenticated cipher to set up
    the encryption.  that just works.

This is what I'm trying to do. I have my conserver.cf set up so that ssl is required, and when I try running the client to connect to it, I get:

% console -x -p 782
console: SSL negotiation failed
2173:error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash

  I'm not sure what that means.  This is on a solaris 10
system, using the ssl libraries that are part of the
installed OS.  These are OpenSSL as of about January
of 2005, but I can't see a version number in the package
info.  The header suggests it is, or was, 0.9.7d.

  Bryan, do you have any idea what I'm doing wrong
here?  I'm running the client on the same machine
the server daemon is running on, and the name compiled
into the binaries is CNAME'd to this machines external
address.  If I "-M localhost" I get the same error
message, however.

Thanks. Any help appreciated.

- Chris