Re: SSL, certs, and conserver (fix included)

Bryan Stansell bryan@conserver.com
Tue, 4 Oct 2005 16:07:30 -0700 (PDT)


On Tue, Oct 04, 2005 at 04:16:50PM -0400, Chris Ross wrote:
>    I'm having a problem with getting conserver (8.1.12) working
> with an SSL connection.  I presume 8.1.12 doesn't need the
> patch that you posted to the list, as its release date is
> after the date of this email.  :-)

correct...it's part of 8.1.12.

> console: SSL negotiation failed
> 2173:error:140D308A:SSL routines:TLS1_SETUP_KEY_BLOCK:cipher or hash
> unavailable:../../../../common/openssl/ssl/t1_enc.c:449:
> %
> 
>    I'm not sure what that means.  This is on a solaris 10
> system, using the ssl libraries that are part of the
> installed OS.  These are OpenSSL as of about January
> of 2005, but I can't see a version number in the package
> info.  The header suggests it is, or was, 0.9.7d.

my best guess, based on the "cipher or hash unavailable" is that however
solaris 10 has openssl configured, the anonymous ciphers aren't there.
at least, that's my best bet.  i tried a solaris 10 x86 host with
openssl 0.9.7e (compiled from source) and it works just fine.  if you
create certificates (installed appropriately, etc) and it works, then
that's probably it.  it might be easier to just build openssl.

on my box, i do "strings /usr/local/lib/libssl.a |grep -i ADH" and get:

EXP-ADH-RC4-MD5
ADH-RC4-MD5
EXP-ADH-DES-CBC-SHA
ADH-DES-CBC-SHA
ADH-DES-CBC3-SHA
ADH-AES128-SHA
ADH-AES256-SHA
ALL:!ADH:+RC4:@STRENGTH
ALL:!ADH:+RC4:@STRENGTH

i'm not sure if those disappear if you compile openssl without the
anonymous ciphers.  but if the library doesn't have references to them,
that's probably it.

hopefully something along those lines sheds some light.

Bryan
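
Added example (not part of the message above, and not conserver or OpenSSL project code): another way to check a build for anonymous suites is to filter the `openssl ciphers -v` listing for entries marked Au=None, which is how the ADH suites are reported. The function names and the sample listings are constructed for illustration, and the live check assumes the `openssl` binary on PATH comes from the same build as the library conserver links against.

```shell
#!/bin/sh
# Reads an `openssl ciphers -v` listing on stdin and prints the names of
# suites that carry no authentication (Au=None), i.e. the anonymous ones.
anon_ciphers() {
    awk '{ for (i = 2; i <= NF; i++) if ($i == "Au=None") { print $1; break } }'
}

# Prints the anonymous suites and returns 0 if any are listed, else returns 1.
check_anon() {
    found=$(anon_ciphers)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 0
    fi
    return 1
}

# Live check against the installed openssl (defined here, not run automatically).
# 'ADH' is the cipher string for anonymous DH; stderr is dropped because
# openssl reports an error when the string matches no suites.
host_anon_ciphers() {
    openssl ciphers -v 'ADH' 2>/dev/null | check_anon
}

# Constructed sample listings in `openssl ciphers -v` format
# (written for this example, not captured from a real host).
SAMPLE_WITH_ADH='ADH-AES256-SHA          SSLv3 Kx=DH       Au=None Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
ADH-DES-CBC3-SHA        SSLv3 Kx=DH       Au=None Enc=3DES(168) Mac=SHA1'

SAMPLE_NO_ADH='AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1'

# Demonstration on the two constructed listings.
for listing in "$SAMPLE_WITH_ADH" "$SAMPLE_NO_ADH"; do
    if printf '%s\n' "$listing" | check_anon; then
        echo "=> anonymous suites available"
    else
        echo "=> no anonymous suites listed"
    fi
done
```

Calling `host_anon_ciphers` runs the same filter against the local OpenSSL; a non-zero return there means that build offers no ADH suites.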