[Date Prev] [Date Index] [Date Next] [Thread Prev] [Thread Index] [Thread Next]

Re: SSL, certs, and conserver (fix included)

Bryan Stansell bryan@conserver.com
Tue, 4 Oct 2005 16:07:30 -0700 (PDT)

On Tue, Oct 04, 2005 at 04:16:50PM -0400, Chris Ross wrote:
>    I'm having a problem with getting conserver (8.1.12) working
> with an SSL connection.  I presume 8.1.12 doesn't need the
> patch that you posted to the list, as it's release date is
> after the date of this email.  :-)

correct...it's part of 8.1.12.

> console: SSL negotiation failed
> 2173:error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash
> unavailable:../../../../common/openssl/ssl/t1_enc.c:449:
> %
>    I'm not sure what that means.  This is on a solaris 10
> system, using the ssl libraries that are part of the
> installed OS.  These are OpenSSL as of about January
> of 2005, but I can't see a version number in the package
> info.  The header suggests it is, or was, 0.9.7d.

my best guess, based on the "cipher or hash unavailable" is that however
solaris 10 has openssl configured, the anonymous ciphers aren't there.
at least, that's my best bet.  i tried a solaris 10 x86 host with
openssl 0.9.7e (compiled from source) and it works just fine.  if you
create certificates (installed appropriately, etc) and it works, then
that's probably it.  it might be easier to just build openssl.

on my box, i do "strings /usr/local/lib/libssl.a |grep -i ADH" and get:


i'm not sure if those disappear if you compile openssl without the
anonymous ciphers.  but if the library doesn't have references to them,
that's probably it.

hopefully something along those lines shed some light.