cancel
Showing results for 
Search instead for 
Did you mean: 
stifi
Level 7

SSL error at server handshake:state 25:Application response 500 handshakefailed

Hi all

Connecting to https://www.ftp.kr.unibe.ch/login  I get following error in the browser:

SSL error at server handshake:state 25:Application response 500 handshakefailed

This is the logentry which is generated:

[02/Sep/2016:09:11:03 +0200] *********** 500 "GET https://www.ftp.kr.unibe.ch/login HTTP/1.1" "" "-" "" 3015 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36 OPR/39.0.2256.48" "" "0"

I cannot even do a ssl handshake using openssl on the command line:

[.....]$ openssl s_client -connect www.ftp.kr.unibe.ch:443

CONNECTED(00000003)

140629603243848:error:140790E5Smiley FrustratedSL routinesSmiley FrustratedSL23_WRITE:ssl handshake failure:s23_lib.c:177:

---

no peer certificate available

---

No client certificate CA names sent

---

SSL handshake has read 0 bytes and written 253 bytes

---

New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

SSL-Session:

    Protocol  : TLSv1.2

    Cipher    : 0000

    Session-ID:

    Session-ID-ctx:

    Master-Key:

    Key-Arg   : None

    Krb5 Principal: None

    PSK identity: None

    PSK identity hint: None

    Start Time: 1472800447

    Timeout   : 300 (sec)

    Verify return code: 0 (ok)

---

So I guess this is rather a misconfiguration on the webserver ... do I have a chance do allow the access by policies?

Regards, Stefan

0 Kudos
2 Replies
j.langenbach
Level 7

Re: SSL error at server handshake:state 25:Application response 500 handshakefailed

Hello Stefan,

I have a similar problem. But I could do a handshake with openssl if I did send the servername attribute. I have this problem with

www.caritas.de

Webgateway error: error:00000000:lib(0):func(0):reason(0)Smiley FrustratedSL error at server handshake:state 25:Application response 500 handshakefailed

Openssl without servername:

openssl s_client -connect www.caritas.de:443

CONNECTED(00000003)

write:errno=104

---

no peer certificate available

---

No client certificate CA names sent

---

SSL handshake has read 0 bytes and written 289 bytes

---

New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

SSL-Session:

    Protocol  : TLSv1.2

    Cipher    : 0000

    Session-ID:

    Session-ID-ctx:

    Master-Key:

    Key-Arg   : None

    Krb5 Principal: None

    PSK identity: None

    PSK identity hint: None

    Start Time: 1473085993

    Timeout   : 300 (sec)

    Verify return code: 0 (ok)

---

Openssl with servername:

openssl s_client -connect www.caritas.de:443 -servername www.caritas.de

CONNECTED(00000003)

depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root

verify return:1

depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO High-Assurance Secure Server CA

verify return:1

depth=0 C = DE, postalCode = 79104, ST = Baden-Wuerttemberg, L = Freiburg, street = Karlstrasse 40, O = Deutscher Caritasverband e.V., OU = CariNet, OU = Hosted by FreiNet Gesellschaft f\C3\BCr Informationsdienste mbH, OU = InstantSSL Pro, CN = www.caritas.de

verify return:1

---

Certificate chain

0 s:/C=DE/postalCode=79104/ST=Baden-Wuerttemberg/L=Freiburg/street=Karlstrasse 40/O=Deutscher Caritasverband e.V./OU=CariNet/OU=Hosted by FreiNet Gesellschaft f\xC3\xBCr Informationsdienste mbH/OU=InstantSSL Pro/CN=www.caritas.de

   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA

1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA

   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIF/jCCBOagAwIBAgIQSjGHKEAlQxWrSNzEgucjeDANBgkqhkiG9w0BAQUFADCB

iTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G

A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxLzAtBgNV

BAMTJkNPTU9ETyBIaWdoLUFzc3VyYW5jZSBTZWN1cmUgU2VydmVyIENBMB4XDTEz

MTEyNzAwMDAwMFoXDTE2MTEyNjIzNTk1OVowggEYMQswCQYDVQQGEwJERTEOMAwG

A1UEERMFNzkxMDQxGzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVyZzERMA8GA1UE

BxMIRnJlaWJ1cmcxFzAVBgNVBAkTDkthcmxzdHJhc3NlIDQwMSYwJAYDVQQKEx1E

ZXV0c2NoZXIgQ2FyaXRhc3ZlcmJhbmQgZS5WLjEQMA4GA1UECxMHQ2FyaU5ldDFE

MEIGA1UECww7SG9zdGVkIGJ5IEZyZWlOZXQgR2VzZWxsc2NoYWZ0IGbDvHIgSW5m

b3JtYXRpb25zZGllbnN0ZSBtYkgxFzAVBgNVBAsTDkluc3RhbnRTU0wgUHJvMRcw

FQYDVQQDEw53d3cuY2FyaXRhcy5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC

AQoCggEBAMtZcqrm2bostLOgmRR0c0uaFBJHCV8+/EZm8QgcfqRO7JrM0gtS70DK

/jFFee2BUvrPQqS4ihbvFFfxOED4QdXv0zy+hp+Bv0xMeQF3a+3iij29WnjNqsaz

1KbejNyP/ceL0iDVEIOClr56YfZCH/qCgdrtGfbFp6UNmXu0wvUsb1yyE3ynttLd

sQ4Yi+PqhpaY3SXAmkfAPVgH48XfLhfkE3Qm/PEeAVcqpZ4QfS/YONI2r+EjJRko

oEPGhuBZ3bRMJNliBqhBT9fHHj5wTQvm/4+oET5m69ibnihU8pW4br9kDUHITtJK

f4FVndQC69JMSWQhboUUCymFE93Bz6kCAwEAAaOCAc4wggHKMB8GA1UdIwQYMBaA

FD/VtdDWRHlQShejm4xK3LiwImRrMB0GA1UdDgQWBBQDV7hsWtVubBK4jOS1zE2v

ZlgLpTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr

BgEFBQcDAQYIKwYBBQUHAwIwUAYDVR0gBEkwRzA7BgwrBgEEAbIxAQIBAwQwKzAp

BggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EM

AQICME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NP

TU9ET0hpZ2gtQXNzdXJhbmNlU2VjdXJlU2VydmVyQ0EuY3JsMIGABggrBgEFBQcB

AQR0MHIwSgYIKwYBBQUHMAKGPmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E

T0hpZ2gtQXNzdXJhbmNlU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhho

dHRwOi8vb2NzcC5jb21vZG9jYS5jb20wJQYDVR0RBB4wHIIOd3d3LmNhcml0YXMu

ZGWCCmNhcml0YXMuZGUwDQYJKoZIhvcNAQEFBQADggEBAADoKRhUBhBtzMx2jkC6

Dtl/Z1QsPvwI5GUnDiya7Ng6RELnO718YclMT/zPpVMi71aCAtbotlQeymJEzDcQ

WjeexXhMw8QJmGWblgOfEWDc4L+5CSvYYO1+XU4Uthud4cHZMivnBNLLNcDjZ0Cy

k2nSbcuwtThlIymzQ3wSsHTdGgUzf+OsjakhCpfN12SPIfseZRup7//uiT/dSZHY

OxpZFghe3m5jrk9N6o6ZGcUuWawGjr9Y2Hf3vPQlf8cu3icPiMIYDgX9pFqDQhtK

UIG/0Y7XU1wkJV9GVASdjVxS3h17SG/qsl0NKvkmVx48dWRhDDWeJap3iJDWmSKZ

ckY=

-----END CERTIFICATE-----

subject=/C=DE/postalCode=79104/ST=Baden-Wuerttemberg/L=Freiburg/street=Karlstrasse 40/O=Deutscher Caritasverband e.V./OU=CariNet/OU=Hosted by FreiNet Gesellschaft f\xC3\xBCr Informationsdienste mbH/OU=InstantSSL Pro/CN=www.caritas.de

issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA

---

No client certificate CA names sent

Peer signing digest: SHA1

Server Temp Key: ECDH, P-521, 521 bits

---

SSL handshake has read 3433 bytes and written 562 bytes

---

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

SSL-Session:

    Protocol  : TLSv1.2

    Cipher    : ECDHE-RSA-AES256-SHA384

    Session-ID: 3F4500007290F5372B5634C46ADCF1A610ADF59157E35F89B16F121C4BCF0CB2

    Session-ID-ctx:

    Master-Key: 4AC2DAD42153E601DD8AB93EF7C422A951A179AE3DA20636C6E290A5A70AB6FB66C4E69EB1C5C2316A1EC9FC37F6C612

    Key-Arg   : None

    Krb5 Principal: None

    PSK identity: None

    PSK identity hint: None

    Start Time: 1473086042

    Timeout   : 300 (sec)

    Verify return code: 0 (ok)

---

By the way, I don't have a problem with your site:

openssl s_client -connect www.ftp.kr.unibe.ch:443

CONNECTED(00000003)

depth=0 CN = KR-SRVMG01, O = Cerberus FTP Server, OU = Self-signed Certificate, C = CH

verify error:num=20:unable to get local issuer certificate

verify return:1

depth=0 CN = KR-SRVMG01, O = Cerberus FTP Server, OU = Self-signed Certificate, C = CH

verify error:num=21:unable to verify the first certificate

verify return:1

---

Certificate chain

0 s:/CN=KR-SRVMG01/O=Cerberus FTP Server/OU=Self-signed Certificate/C=CH

   i:/CN=KR-SRVMG01/O=Cerberus FTP Server/OU=Self-signed Certificate/C=CH

---

Server certificate

-----BEGIN CERTIFICATE-----

MIIEfzCCA2egAwIBAgIBATANBgkqhkiG9w0BAQUFADBiMRMwEQYDVQQDDApLUi1T

UlZNRzAxMRwwGgYDVQQKDBNDZXJiZXJ1cyBGVFAgU2VydmVyMSAwHgYDVQQLDBdT

ZWxmLXNpZ25lZCBDZXJ0aWZpY2F0ZTELMAkGA1UEBhMCQ0gwHhcNMTQwNzA4MTE1

NTM0WhcNMTcwNzA3MTE1NTM0WjBiMRMwEQYDVQQDDApLUi1TUlZNRzAxMRwwGgYD

VQQKDBNDZXJiZXJ1cyBGVFAgU2VydmVyMSAwHgYDVQQLDBdTZWxmLXNpZ25lZCBD

ZXJ0aWZpY2F0ZTELMAkGA1UEBhMCQ0gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw

ggEKAoIBAQDLTlQDiPpGtMnuJPhq2V2v2MVAueTWfj66xAAoaXC1RSTP+OSAQPqP

y00B/kWGuY8TF4qT9AoOsTETlqo8VH3bZhYajQ9h7I7OXRhg8Jc7pyJSU8O/kg9v

0WoKMpbQcgQEVFDwACUGEl6xqH6kWDe8pLdaOBiW0xfG3+/yd3CoJtvIiigsTopW

pQOFOsNlX9lr/PWpUpuJmJKLvgqPuflt/i0K/rAUU0tZwrJgl3Lu26KLNujP5s8x

Jo09dwva91hg33ppT0cZWTXW9l2KfHTRDcfCSBxUdYhTf8UWBjX3agi9d7ewhnCw

NziKdxosZCwMYmRc239TAZlVLCxANBpXAgMBAAGjggE+MIIBOjAJBgNVHRMEAjAA

MBEGCWCGSAGG+EIBAQQEAwIGQDAZBglghkgBhvhCAQwEDBYKS1ItU1JWTUcwMTAO

BgNVHQ8BAf8EBAMCA/gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwLgYJYIZIAYb4QgEN

BCEWH0NlcnRpZmljYXRlIGNyZWF0ZWQgYnkgQ2VyYmVydXMwdAYDVR0jBG0wa6Fm

pGQwYjETMBEGA1UEAwwKS1ItU1JWTUcwMTEcMBoGA1UECgwTQ2VyYmVydXMgRlRQ

IFNlcnZlcjEgMB4GA1UECwwXU2VsZi1zaWduZWQgQ2VydGlmaWNhdGUxCzAJBgNV

BAYTAkNIggEBMB0GA1UdDgQWBBSrXm2XtqhdMuK9RXnZGyyDFnbwDjAVBgNVHREE

DjAMggpLUi1TUlZNRzAxMA0GCSqGSIb3DQEBBQUAA4IBAQBu3CRcPF9Jrg4excX2

bdDWZ2ZGm8kLxOQNozZ+udmFzlU3xyaQWoLjkyjK5Q49I7wMALKo9ixBMyAI/+IT

PocRqzp/uA/B/59V4wN+WeZ0Sz4YquwxGZ7+6IV27CRyHuOnxDbPAypZrpjON6yi

vhW72mCrktgKSxT12TLrLY8BH9gYdQd21d67WrKSeNr1BmnWqdZRlakFW33CMAxx

sIIobJ3HI9T0rkjPouh0Vc8zHpmRTQE0UUol95kLFrIQn3EF6VRYb1Yu0uqZjTzP

t3qIXO0z9Ap/PaKVZRMzKC/a4x+brMXGah6WlqB6geoJN1/CoetWx2mJ3Zh+qF9i

JkIf

-----END CERTIFICATE-----

subject=/CN=KR-SRVMG01/O=Cerberus FTP Server/OU=Self-signed Certificate/C=CH

issuer=/CN=KR-SRVMG01/O=Cerberus FTP Server/OU=Self-signed Certificate/C=CH

---

No client certificate CA names sent

Peer signing digest: SHA512

Server Temp Key: ECDH, P-384, 384 bits

---

SSL handshake has read 1862 bytes and written 447 bytes

---

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384

Server public key is 2048 bit

Secure Renegotiation IS supported

Compression: NONE

Expansion: NONE

No ALPN negotiated

SSL-Session:

    Protocol  : TLSv1.2

    Cipher    : ECDHE-RSA-AES256-GCM-SHA384

    Session-ID: BF55C7368894FB040E97496887F9B4F06D20FB211B5824142075477AA1074823

    Session-ID-ctx:

    Master-Key: 27DB7A40978537A3E22203040728CAF6BB0AD94A3743F509C46556B5C79DCD07F35FF65583BFACC8016F3147436F517D

    Key-Arg   : None

    Krb5 Principal: None

    PSK identity: None

    PSK identity hint: None

    TLS session ticket lifetime hint: 300 (seconds)

    TLS session ticket:

    0000 - a5 5d db fd 0d a3 fe 67-5d ee fe 9e 3a c0 82 e4   .].....g]...:...

    0010 - 3d 3e 64 8a 17 24 ea 0b-3a ef 5e ff 4a 03 79 29   =>d..$..:.^.J.y)

    0020 - e1 ef 9f 1f 23 dd e5 c7-43 70 4d 06 01 22 8e ab   ....#...CpM.."..

    0030 - e3 09 d1 74 b3 be 15 60-69 e8 4f f1 67 51 69 27   ...t...`i.O.gQi'

    0040 - 34 5c 13 f2 cb 2e ec b8-43 f1 44 85 68 7a 33 19   4\......C.D.hz3.

    0050 - 0b 5b e1 18 c2 8b c1 98-1f 04 2f 67 53 d9 b1 52   .[......../gS..R

    0060 - 7f 10 13 db 24 e8 3b 4a-77 82 6c 0f a1 b3 1a 44   ....$.;Jw.l....D

    0070 - b2 d9 71 d9 ec 4f d0 86-ec b6 b1 18 db 7a 70 41   ..q..O.......zpA

    0080 - 71 b2 71 c7 83 a5 a3 30-e7 db 86 82 e1 32 3d af   q.q....0.....2=.

    0090 - e8 17 dd e9 48 6b 3f d7-a5 11 db c2 3a 54 1f 0c   ....Hk?.....:T..

    00a0 - c5 a0 1f a6 a0 60 40 55-f4 c4 a3 a7 aa 4b 55 fe   .....`@U.....KU.

    Start Time: 1473086090

    Timeout   : 300 (sec)

    Verify return code: 21 (unable to verify the first certificate)

---

Does somebody know how to fix this?

I also checked, that my client (Firefox) did send the server_name attribute to the webgateway, in wireshark.

Kind regards
Jesai

0 Kudos
stifi
Level 7

Re: SSL error at server handshake:state 25:Application response 500 handshakefailed

Hi again

Running a ssl handshake from a different system running OpenSSL 1.0.1f (MWG is running OpenSSL 1.0.1r-fips) indicates to me, that the cipher ECDHE-RSA-AES256-GCM-SHA384 is negotiated. This cipher is also supported by OpenSSL 1.0.1r-fips (at least according the output of "openssl ciphers -V") however, MWG does this cipher not offer at the handshake. These are the ciphers our MWG offers to the remote site in the client hello (from a packet capture):

Frame 4: 319 bytes on wire (2552 bits), 319 bytes captured (2552 bits)

Ethernet II, Src: 00:15:17:e8:4d:6e, Dst: 00:10:db:ff:10:03

Internet Protocol Version 4, Src: 195.65.23.197, Dst: 130.92.247.173

Transmission Control Protocol, Src Port: 40730 (40730), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 253

Secure Sockets Layer

    SSL Record Layer: Handshake Protocol: Client Hello

        Content Type: Handshake (22)

        Version: TLS 1.0 (0x0301)

        Length: 248

        Handshake Protocol: Client Hello

            Handshake Type: Client Hello (1)

            Length: 244

            Version: TLS 1.2 (0x0303)

            Random

            Session ID Length: 0

            Cipher Suites Length: 138

            Cipher Suites (69 suites)

                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)

                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)

                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)

                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)

                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)

                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)

                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)

                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)

                Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

                Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)

                Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)

                Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)

                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)

                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)

                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)

                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)

                Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)

                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)

                Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)

                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)

                Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

                Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)

                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)

                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)

                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)

                Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

                Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)

                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)

                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)

                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)

                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)

                Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)

                Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)

                Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)

                Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)

                Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)

                Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)

                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)

                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)

                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)

                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)

                Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)

                Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)

                Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)

                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)

                Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

                Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)

                Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)

                Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)

                Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)

                Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)

                Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)

                Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)

                Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)

                Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)

                Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)

                Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)

                Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)

                Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)

                Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)

                Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)

So I'm still confused about that ...? Definitely an issue outside of MWG but based on the OpenSSL version.

Bye, Stefan

0 Kudos