2 Replies Latest reply on Sep 9, 2016 8:07 AM by stifi

    SSL error at server handshake:state 25:Application response 500 handshakefailed

    stifi

      Hi all

      Connecting to https://www.ftp.kr.unibe.ch/login  I get following error in the browser:

       

      SSL error at server handshake:state 25:Application response 500 handshakefailed

       

      This is the logentry which is generated:

       

      [02/Sep/2016:09:11:03 +0200] *********** 500 "GET https://www.ftp.kr.unibe.ch/login HTTP/1.1" "" "-" "" 3015 "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.82 Safari/537.36 OPR/39.0.2256.48" "" "0"

       

      I cannot even do a ssl handshake using openssl on the command line:

       

      [.....]$ openssl s_client -connect www.ftp.kr.unibe.ch:443

      CONNECTED(00000003)

      140629603243848:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:

      ---

      no peer certificate available

      ---

      No client certificate CA names sent

      ---

      SSL handshake has read 0 bytes and written 253 bytes

      ---

      New, (NONE), Cipher is (NONE)

      Secure Renegotiation IS NOT supported

      Compression: NONE

      Expansion: NONE

      SSL-Session:

          Protocol  : TLSv1.2

          Cipher    : 0000

          Session-ID:

          Session-ID-ctx:

          Master-Key:

          Key-Arg   : None

          Krb5 Principal: None

          PSK identity: None

          PSK identity hint: None

          Start Time: 1472800447

          Timeout   : 300 (sec)

          Verify return code: 0 (ok)

      ---

       

      So I guess this is rather a misconfiguration on the webserver ... do I have a chance do allow the access by policies?

       

      Regards, Stefan

        • 1. Re: SSL error at server handshake:state 25:Application response 500 handshakefailed
          j.langenbach

          Hello Stefan,

           

          I have a similar problem. But I could do a handshake with openssl if I did send the servername attribute. I have this problem with

          www.caritas.de

          Webgateway error: error:00000000:lib(0):func(0):reason(0):SSL error at server handshake:state 25:Application response 500 handshakefailed

           

          Openssl without servername:

          openssl s_client -connect www.caritas.de:443

          CONNECTED(00000003)

          write:errno=104

          ---

          no peer certificate available

          ---

          No client certificate CA names sent

          ---

          SSL handshake has read 0 bytes and written 289 bytes

          ---

          New, (NONE), Cipher is (NONE)

          Secure Renegotiation IS NOT supported

          Compression: NONE

          Expansion: NONE

          No ALPN negotiated

          SSL-Session:

              Protocol  : TLSv1.2

              Cipher    : 0000

              Session-ID:

              Session-ID-ctx:

              Master-Key:

              Key-Arg   : None

              Krb5 Principal: None

              PSK identity: None

              PSK identity hint: None

              Start Time: 1473085993

              Timeout   : 300 (sec)

              Verify return code: 0 (ok)

          ---

           

          Openssl with servername:

          openssl s_client -connect www.caritas.de:443 -servername www.caritas.de

          CONNECTED(00000003)

          depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root

          verify return:1

          depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = COMODO High-Assurance Secure Server CA

          verify return:1

          depth=0 C = DE, postalCode = 79104, ST = Baden-Wuerttemberg, L = Freiburg, street = Karlstrasse 40, O = Deutscher Caritasverband e.V., OU = CariNet, OU = Hosted by FreiNet Gesellschaft f\C3\BCr Informationsdienste mbH, OU = InstantSSL Pro, CN = www.caritas.de

          verify return:1

          ---

          Certificate chain

          0 s:/C=DE/postalCode=79104/ST=Baden-Wuerttemberg/L=Freiburg/street=Karlstrasse 40/O=Deutscher Caritasverband e.V./OU=CariNet/OU=Hosted by FreiNet Gesellschaft f\xC3\xBCr Informationsdienste mbH/OU=InstantSSL Pro/CN=www.caritas.de

             i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA

          1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA

             i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust External CA Root

          ---

          Server certificate

          -----BEGIN CERTIFICATE-----

          MIIF/jCCBOagAwIBAgIQSjGHKEAlQxWrSNzEgucjeDANBgkqhkiG9w0BAQUFADCB

          iTELMAkGA1UEBhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4G

          A1UEBxMHU2FsZm9yZDEaMBgGA1UEChMRQ09NT0RPIENBIExpbWl0ZWQxLzAtBgNV

          BAMTJkNPTU9ETyBIaWdoLUFzc3VyYW5jZSBTZWN1cmUgU2VydmVyIENBMB4XDTEz

          MTEyNzAwMDAwMFoXDTE2MTEyNjIzNTk1OVowggEYMQswCQYDVQQGEwJERTEOMAwG

          A1UEERMFNzkxMDQxGzAZBgNVBAgTEkJhZGVuLVd1ZXJ0dGVtYmVyZzERMA8GA1UE

          BxMIRnJlaWJ1cmcxFzAVBgNVBAkTDkthcmxzdHJhc3NlIDQwMSYwJAYDVQQKEx1E

          ZXV0c2NoZXIgQ2FyaXRhc3ZlcmJhbmQgZS5WLjEQMA4GA1UECxMHQ2FyaU5ldDFE

          MEIGA1UECww7SG9zdGVkIGJ5IEZyZWlOZXQgR2VzZWxsc2NoYWZ0IGbDvHIgSW5m

          b3JtYXRpb25zZGllbnN0ZSBtYkgxFzAVBgNVBAsTDkluc3RhbnRTU0wgUHJvMRcw

          FQYDVQQDEw53d3cuY2FyaXRhcy5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC

          AQoCggEBAMtZcqrm2bostLOgmRR0c0uaFBJHCV8+/EZm8QgcfqRO7JrM0gtS70DK

          /jFFee2BUvrPQqS4ihbvFFfxOED4QdXv0zy+hp+Bv0xMeQF3a+3iij29WnjNqsaz

          1KbejNyP/ceL0iDVEIOClr56YfZCH/qCgdrtGfbFp6UNmXu0wvUsb1yyE3ynttLd

          sQ4Yi+PqhpaY3SXAmkfAPVgH48XfLhfkE3Qm/PEeAVcqpZ4QfS/YONI2r+EjJRko

          oEPGhuBZ3bRMJNliBqhBT9fHHj5wTQvm/4+oET5m69ibnihU8pW4br9kDUHITtJK

          f4FVndQC69JMSWQhboUUCymFE93Bz6kCAwEAAaOCAc4wggHKMB8GA1UdIwQYMBaA

          FD/VtdDWRHlQShejm4xK3LiwImRrMB0GA1UdDgQWBBQDV7hsWtVubBK4jOS1zE2v

          ZlgLpTAOBgNVHQ8BAf8EBAMCBaAwDAYDVR0TAQH/BAIwADAdBgNVHSUEFjAUBggr

          BgEFBQcDAQYIKwYBBQUHAwIwUAYDVR0gBEkwRzA7BgwrBgEEAbIxAQIBAwQwKzAp

          BggrBgEFBQcCARYdaHR0cHM6Ly9zZWN1cmUuY29tb2RvLmNvbS9DUFMwCAYGZ4EM

          AQICME8GA1UdHwRIMEYwRKBCoECGPmh0dHA6Ly9jcmwuY29tb2RvY2EuY29tL0NP

          TU9ET0hpZ2gtQXNzdXJhbmNlU2VjdXJlU2VydmVyQ0EuY3JsMIGABggrBgEFBQcB

          AQR0MHIwSgYIKwYBBQUHMAKGPmh0dHA6Ly9jcnQuY29tb2RvY2EuY29tL0NPTU9E

          T0hpZ2gtQXNzdXJhbmNlU2VjdXJlU2VydmVyQ0EuY3J0MCQGCCsGAQUFBzABhhho

          dHRwOi8vb2NzcC5jb21vZG9jYS5jb20wJQYDVR0RBB4wHIIOd3d3LmNhcml0YXMu

          ZGWCCmNhcml0YXMuZGUwDQYJKoZIhvcNAQEFBQADggEBAADoKRhUBhBtzMx2jkC6

          Dtl/Z1QsPvwI5GUnDiya7Ng6RELnO718YclMT/zPpVMi71aCAtbotlQeymJEzDcQ

          WjeexXhMw8QJmGWblgOfEWDc4L+5CSvYYO1+XU4Uthud4cHZMivnBNLLNcDjZ0Cy

          k2nSbcuwtThlIymzQ3wSsHTdGgUzf+OsjakhCpfN12SPIfseZRup7//uiT/dSZHY

          OxpZFghe3m5jrk9N6o6ZGcUuWawGjr9Y2Hf3vPQlf8cu3icPiMIYDgX9pFqDQhtK

          UIG/0Y7XU1wkJV9GVASdjVxS3h17SG/qsl0NKvkmVx48dWRhDDWeJap3iJDWmSKZ

          ckY=

          -----END CERTIFICATE-----

          subject=/C=DE/postalCode=79104/ST=Baden-Wuerttemberg/L=Freiburg/street=Karlstras se 40/O=Deutscher Caritasverband e.V./OU=CariNet/OU=Hosted by FreiNet Gesellschaft f\xC3\xBCr Informationsdienste mbH/OU=InstantSSL Pro/CN=www.caritas.de

          issuer=/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=COMODO High-Assurance Secure Server CA

          ---

          No client certificate CA names sent

          Peer signing digest: SHA1

          Server Temp Key: ECDH, P-521, 521 bits

          ---

          SSL handshake has read 3433 bytes and written 562 bytes

          ---

          New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384

          Server public key is 2048 bit

          Secure Renegotiation IS supported

          Compression: NONE

          Expansion: NONE

          No ALPN negotiated

          SSL-Session:

              Protocol  : TLSv1.2

              Cipher    : ECDHE-RSA-AES256-SHA384

              Session-ID: 3F4500007290F5372B5634C46ADCF1A610ADF59157E35F89B16F121C4BCF0CB2

              Session-ID-ctx:

              Master-Key: 4AC2DAD42153E601DD8AB93EF7C422A951A179AE3DA20636C6E290A5A70AB6FB66C4E69EB1C5C23 16A1EC9FC37F6C612

              Key-Arg   : None

              Krb5 Principal: None

              PSK identity: None

              PSK identity hint: None

              Start Time: 1473086042

              Timeout   : 300 (sec)

              Verify return code: 0 (ok)

          ---

           

           

           

          By the way, I don't have a problem with your site:

          openssl s_client -connect www.ftp.kr.unibe.ch:443

          CONNECTED(00000003)

          depth=0 CN = KR-SRVMG01, O = Cerberus FTP Server, OU = Self-signed Certificate, C = CH

          verify error:num=20:unable to get local issuer certificate

          verify return:1

          depth=0 CN = KR-SRVMG01, O = Cerberus FTP Server, OU = Self-signed Certificate, C = CH

          verify error:num=21:unable to verify the first certificate

          verify return:1

          ---

          Certificate chain

          0 s:/CN=KR-SRVMG01/O=Cerberus FTP Server/OU=Self-signed Certificate/C=CH

             i:/CN=KR-SRVMG01/O=Cerberus FTP Server/OU=Self-signed Certificate/C=CH

          ---

          Server certificate

          -----BEGIN CERTIFICATE-----

          MIIEfzCCA2egAwIBAgIBATANBgkqhkiG9w0BAQUFADBiMRMwEQYDVQQDDApLUi1T

          UlZNRzAxMRwwGgYDVQQKDBNDZXJiZXJ1cyBGVFAgU2VydmVyMSAwHgYDVQQLDBdT

          ZWxmLXNpZ25lZCBDZXJ0aWZpY2F0ZTELMAkGA1UEBhMCQ0gwHhcNMTQwNzA4MTE1

          NTM0WhcNMTcwNzA3MTE1NTM0WjBiMRMwEQYDVQQDDApLUi1TUlZNRzAxMRwwGgYD

          VQQKDBNDZXJiZXJ1cyBGVFAgU2VydmVyMSAwHgYDVQQLDBdTZWxmLXNpZ25lZCBD

          ZXJ0aWZpY2F0ZTELMAkGA1UEBhMCQ0gwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw

          ggEKAoIBAQDLTlQDiPpGtMnuJPhq2V2v2MVAueTWfj66xAAoaXC1RSTP+OSAQPqP

          y00B/kWGuY8TF4qT9AoOsTETlqo8VH3bZhYajQ9h7I7OXRhg8Jc7pyJSU8O/kg9v

          0WoKMpbQcgQEVFDwACUGEl6xqH6kWDe8pLdaOBiW0xfG3+/yd3CoJtvIiigsTopW

          pQOFOsNlX9lr/PWpUpuJmJKLvgqPuflt/i0K/rAUU0tZwrJgl3Lu26KLNujP5s8x

          Jo09dwva91hg33ppT0cZWTXW9l2KfHTRDcfCSBxUdYhTf8UWBjX3agi9d7ewhnCw

          NziKdxosZCwMYmRc239TAZlVLCxANBpXAgMBAAGjggE+MIIBOjAJBgNVHRMEAjAA

          MBEGCWCGSAGG+EIBAQQEAwIGQDAZBglghkgBhvhCAQwEDBYKS1ItU1JWTUcwMTAO

          BgNVHQ8BAf8EBAMCA/gwEwYDVR0lBAwwCgYIKwYBBQUHAwEwLgYJYIZIAYb4QgEN

          BCEWH0NlcnRpZmljYXRlIGNyZWF0ZWQgYnkgQ2VyYmVydXMwdAYDVR0jBG0wa6Fm

          pGQwYjETMBEGA1UEAwwKS1ItU1JWTUcwMTEcMBoGA1UECgwTQ2VyYmVydXMgRlRQ

          IFNlcnZlcjEgMB4GA1UECwwXU2VsZi1zaWduZWQgQ2VydGlmaWNhdGUxCzAJBgNV

          BAYTAkNIggEBMB0GA1UdDgQWBBSrXm2XtqhdMuK9RXnZGyyDFnbwDjAVBgNVHREE

          DjAMggpLUi1TUlZNRzAxMA0GCSqGSIb3DQEBBQUAA4IBAQBu3CRcPF9Jrg4excX2

          bdDWZ2ZGm8kLxOQNozZ+udmFzlU3xyaQWoLjkyjK5Q49I7wMALKo9ixBMyAI/+IT

          PocRqzp/uA/B/59V4wN+WeZ0Sz4YquwxGZ7+6IV27CRyHuOnxDbPAypZrpjON6yi

          vhW72mCrktgKSxT12TLrLY8BH9gYdQd21d67WrKSeNr1BmnWqdZRlakFW33CMAxx

          sIIobJ3HI9T0rkjPouh0Vc8zHpmRTQE0UUol95kLFrIQn3EF6VRYb1Yu0uqZjTzP

          t3qIXO0z9Ap/PaKVZRMzKC/a4x+brMXGah6WlqB6geoJN1/CoetWx2mJ3Zh+qF9i

          JkIf

          -----END CERTIFICATE-----

          subject=/CN=KR-SRVMG01/O=Cerberus FTP Server/OU=Self-signed Certificate/C=CH

          issuer=/CN=KR-SRVMG01/O=Cerberus FTP Server/OU=Self-signed Certificate/C=CH

          ---

          No client certificate CA names sent

          Peer signing digest: SHA512

          Server Temp Key: ECDH, P-384, 384 bits

          ---

          SSL handshake has read 1862 bytes and written 447 bytes

          ---

          New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384

          Server public key is 2048 bit

          Secure Renegotiation IS supported

          Compression: NONE

          Expansion: NONE

          No ALPN negotiated

          SSL-Session:

              Protocol  : TLSv1.2

              Cipher    : ECDHE-RSA-AES256-GCM-SHA384

              Session-ID: BF55C7368894FB040E97496887F9B4F06D20FB211B5824142075477AA1074823

              Session-ID-ctx:

              Master-Key: 27DB7A40978537A3E22203040728CAF6BB0AD94A3743F509C46556B5C79DCD07F35FF65583BFACC 8016F3147436F517D

              Key-Arg   : None

              Krb5 Principal: None

              PSK identity: None

              PSK identity hint: None

              TLS session ticket lifetime hint: 300 (seconds)

              TLS session ticket:

              0000 - a5 5d db fd 0d a3 fe 67-5d ee fe 9e 3a c0 82 e4   .].....g]...:...

              0010 - 3d 3e 64 8a 17 24 ea 0b-3a ef 5e ff 4a 03 79 29   =>d..$..:.^.J.y)

              0020 - e1 ef 9f 1f 23 dd e5 c7-43 70 4d 06 01 22 8e ab   ....#...CpM.."..

              0030 - e3 09 d1 74 b3 be 15 60-69 e8 4f f1 67 51 69 27   ...t...`i.O.gQi'

              0040 - 34 5c 13 f2 cb 2e ec b8-43 f1 44 85 68 7a 33 19   4\......C.D.hz3.

              0050 - 0b 5b e1 18 c2 8b c1 98-1f 04 2f 67 53 d9 b1 52   .[......../gS..R

              0060 - 7f 10 13 db 24 e8 3b 4a-77 82 6c 0f a1 b3 1a 44   ....$.;Jw.l....D

              0070 - b2 d9 71 d9 ec 4f d0 86-ec b6 b1 18 db 7a 70 41   ..q..O.......zpA

              0080 - 71 b2 71 c7 83 a5 a3 30-e7 db 86 82 e1 32 3d af   q.q....0.....2=.

              0090 - e8 17 dd e9 48 6b 3f d7-a5 11 db c2 3a 54 1f 0c   ....Hk?.....:T..

              00a0 - c5 a0 1f a6 a0 60 40 55-f4 c4 a3 a7 aa 4b 55 fe   .....`@U.....KU.

           

           

              Start Time: 1473086090

              Timeout   : 300 (sec)

              Verify return code: 21 (unable to verify the first certificate)

          ---

           

           

          Does somebody know how to fix this?

          I also checked, that my client (Firefox) did send the server_name attribute to the webgateway, in wireshark.

           

          Kind regards
          Jesai

          • 2. Re: SSL error at server handshake:state 25:Application response 500 handshakefailed
            stifi

            Hi again

            Running a ssl handshake from a different system running OpenSSL 1.0.1f (MWG is running OpenSSL 1.0.1r-fips) indicates to me, that the cipher ECDHE-RSA-AES256-GCM-SHA384 is negotiated. This cipher is also supported by OpenSSL 1.0.1r-fips (at least according the output of "openssl ciphers -V") however, MWG does this cipher not offer at the handshake. These are the ciphers our MWG offers to the remote site in the client hello (from a packet capture):

             

            Frame 4: 319 bytes on wire (2552 bits), 319 bytes captured (2552 bits)

            Ethernet II, Src: 00:15:17:e8:4d:6e, Dst: 00:10:db:ff:10:03

            Internet Protocol Version 4, Src: 195.65.23.197, Dst: 130.92.247.173

            Transmission Control Protocol, Src Port: 40730 (40730), Dst Port: 443 (443), Seq: 1, Ack: 1, Len: 253

            Secure Sockets Layer

                SSL Record Layer: Handshake Protocol: Client Hello

                    Content Type: Handshake (22)

                    Version: TLS 1.0 (0x0301)

                    Length: 248

                    Handshake Protocol: Client Hello

                        Handshake Type: Client Hello (1)

                        Length: 244

                        Version: TLS 1.2 (0x0303)

                        Random

                        Session ID Length: 0

                        Cipher Suites Length: 138

                        Cipher Suites (69 suites)

                            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

                            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c)

                            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)

                            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024)

                            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

                            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)

                            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 (0x00a3)

                            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009f)

                            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b)

                            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a)

                            Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

                            Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)

                            Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)

                            Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)

                            Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 (0xc032)

                            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02e)

                            Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 (0xc02a)

                            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 (0xc026)

                            Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)

                            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)

                            Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)

                            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)

                            Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

                            Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)

                            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

                            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)

                            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)

                            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023)

                            Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

                            Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)

                            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 (0x00a2)

                            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x009e)

                            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (0x0067)

                            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 (0x0040)

                            Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)

                            Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)

                            Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)

                            Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)

                            Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)

                            Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)

                            Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 (0xc031)

                            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02d)

                            Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 (0xc029)

                            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 (0xc025)

                            Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)

                            Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)

                            Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)

                            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)

                            Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

                            Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)

                            Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)

                            Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)

                            Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)

                            Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)

                            Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)

                            Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)

                            Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)

                            Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)

                            Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)

                            Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)

                            Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)

                            Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)

                            Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)

                            Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)

             

             

            So I'm still confused about that ...? Definitely an issue outside of MWG but based on the OpenSSL version.

             

            Bye, Stefan