From: "John Stoffel"
To: "John Stoffel"
Cc: Chris, Matthew Huff, users@conserver.com
Date: Tue, 1 Aug 2017 16:38:00 -0400
Subject: Re: Porting conserver to OpenSSL 1.1

Chris,

Been spending a little time poking at this. Tried using the openssl client to test connections, and I suspect that this points us in the right direction to fix this.

Using the latest patch you posted a week ago, I get the following in my test, where I start the conserver daemon using the test.cf file and the args from the dotest script:

    > ../conserver/conserver -M 127.0.0.1 -p 7777 -v -C test.cf -P \
        test.passwd -m 32

Then I just used the following to do a test connection:

    root@sid:/home/john/conserver/test# openssl s_client -connect localhost:7777
    CONNECTED(00000003)
    [Tue Aug 1 16:31:01 2017] conserver (12052): ERROR: ParseIACBuf(): fd 4: unrecognized quoted-OB_IAC char
    140153917515008:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:252:
    ---
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 5 bytes and written 176 bytes
    Verification: OK
    ---
    New, (NONE), Cipher is (NONE)
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : 0000
        Session-ID:
        Session-ID-ctx:
        Master-Key:
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1501619461
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
        Extended master secret: no
    ---
    [Tue Aug 1 16:31:01 2017] conserver (12052): ERROR: FileRead(): fd 4: Connection reset by peer

Which doesn't tell us a ton really... maybe that I'm not doing the connection correctly. But more importantly, I think it's showing that there's a connection made using ssl3, which has problems.

It's just a thought...

John
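
Added example, not part of the message above and not conserver or OpenSSL code: the s_client trace reports 5 bytes read, which is the size of one TLS record header (content type, two version bytes, two length bytes), so this sketch classifies the first five bytes received from a peer. The function and enum names are hypothetical, the sample byte strings are constructed, and checking the version field before the content type is this example's own choice.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of inspecting the first bytes received from a peer. */
enum rec_check { REC_OK, REC_SHORT, REC_BAD_VERSION, REC_BAD_TYPE, REC_BAD_LENGTH };

/* TLS record header: type(1) | major(1) | minor(1) | length(2, big-endian). */
enum rec_check check_tls_record_header(const uint8_t *buf, size_t len,
                                       uint16_t *payload_len)
{
    if (len < 5)
        return REC_SHORT;
    /* SSL 3.0 and every TLS 1.x version put major version 3 on the wire.
     * Checked first, so plain ASCII text is reported as a version error. */
    if (buf[1] != 3 || buf[2] > 4)
        return REC_BAD_VERSION;
    /* 20 change_cipher_spec, 21 alert, 22 handshake, 23 application_data */
    if (buf[0] < 20 || buf[0] > 23)
        return REC_BAD_TYPE;
    uint16_t n = (uint16_t)((buf[3] << 8) | buf[4]);
    /* 2^14 bytes of plaintext plus the 2048 bytes of expansion TLS 1.2 allows */
    if (n > 16384 + 2048)
        return REC_BAD_LENGTH;
    if (payload_len)
        *payload_len = n;
    return REC_OK;
}

const char *rec_check_str(enum rec_check r)
{
    static const char *names[] = { "looks like a TLS record", "too short",
        "wrong version number", "unknown content type", "length out of range" };
    return names[r];
}

int main(void)
{
    /* Constructed samples: a TLS 1.2 handshake record header, then plain text. */
    const uint8_t tls_hdr[5] = { 0x16, 0x03, 0x03, 0x00, 0x2a };
    const uint8_t text[5]    = { 'h', 'e', 'l', 'l', 'o' };
    uint16_t n = 0;

    printf("tls_hdr: %s\n", rec_check_str(check_tls_record_header(tls_hdr, 5, &n)));
    printf("payload length: %u\n", (unsigned)n);
    printf("text:    %s\n", rec_check_str(check_tls_record_header(text, 5, NULL)));
    return 0;
}
```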