[Bug 899464] Re: openssl failed when interacting with sslv2 server
Finjon Kiang
899464 at bugs.launchpad.net
Tue Dec 6 01:56:30 UTC 2011
I haven't gotten response from that site. But if it's disabled by
default, how to open it? The option '-ssl2' had been removed from the
program in the latest version.
The following results were fetched from 0.9.8g-4ubuntu3.13 @ Ubuntu
8.04.4 LTS:
:~$ openssl s_client -ssl3 -host aquarius.neweb.com.tw -port 443
CONNECTED(00000003)
15872:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
:~$ openssl s_client -ssl2 -host aquarius.neweb.com.tw -port 443
CONNECTED(00000003)
depth=0 /C=TW/postalCode=11510/ST=Taiwan/L=Taipei/streetAddress=7F., No.52, Sec. 3, Nangang Rd., Nangang Dist., Taipei City 11510, Taiwan (R.O.C.)/O=Neweb Technologies Co., Ltd./OU=MIS/OU=Provided by Global Digital Inc./OU=GlobalTrustSSLWildcard/CN=*.neweb.com.tw
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=TW/postalCode=11510/ST=Taiwan/L=Taipei/streetAddress=7F., No.52, Sec. 3, Nangang Rd., Nangang Dist., Taipei City 11510, Taiwan (R.O.C.)/O=Neweb Technologies Co., Ltd./OU=MIS/OU=Provided by Global Digital Inc./OU=GlobalTrustSSLWildcard/CN=*.neweb.com.tw
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=TW/postalCode=11510/ST=Taiwan/L=Taipei/streetAddress=7F., No.52, Sec. 3, Nangang Rd., Nangang Dist., Taipei City 11510, Taiwan (R.O.C.)/O=Neweb Technologies Co., Ltd./OU=MIS/OU=Provided by Global Digital Inc./OU=GlobalTrustSSLWildcard/CN=*.neweb.com.tw
verify error:num=21:unable to verify the first certificate
verify return:1
subject=/C=TW/postalCode=11510/ST=Taiwan/L=Taipei/streetAddress=7F., No.52, Sec. 3, Nangang Rd., Nangang Dist., Taipei City 11510, Taiwan (R.O.C.)/O=Neweb Technologies Co., Ltd./OU=MIS/OU=Provided by Global Digital Inc./OU=GlobalTrustSSLWildcard/CN=*.neweb.com.tw
issuer=/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
DES-CBC3-MD5
---
SSL handshake has read 1720 bytes and written 364 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv2
Cipher : DES-CBC3-MD5
Session-ID: 00005DCC0C925C974EDD756D00001C76
Session-ID-ctx:
Master-Key: 139E982728ACA06528E2A5C276029BA0E5E25BD6F3E85B84
Key-Arg : C4A1588E79FC18C8
Start Time: 1323136366
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/899464
Title:
openssl failed when interacting with sslv2 server
Status in “openssl” package in Ubuntu:
Confirmed
Bug description:
Reference:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/592442
Initially it's found when using php5 to interact with the site https://aquarius.neweb.com.tw using the code below:
<?php file_get_contents('https://aquarius.neweb.com.tw');
Then Clint found the server doesn't support sslv3. So I tested it again with the commands below:
$ openssl s_client -ssl2 -host aquarius.neweb.com.tw -port 443
One more problem I met:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=589706
---
$ uname -a
Linux xxx 3.0.0-13-generic #22-Ubuntu SMP Wed Nov 2 13:27:26 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
$ openssl s_client -host aquarius.neweb.com.tw -port 443
CONNECTED(00000003)
140055608010400:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:591:
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/899464/+subscriptions
More information about the foundations-bugs
mailing list