curl-users
RE: block cipher pad is wrong
Date: Wed, 8 Nov 2000 13:55:30 +0900
Thank you for the reply.
> It seems that if you force curl to use SSLv2 it works at least for me. Try
the -2 option!
I tried -2 option. It works.
> It means OpenSSL got problems.
1.When execute openssl command without -ssl2 option,the follwing messages comes up.
l>openssl s_client -connect www.rnavi.isize.com:443 -state
Loading 'screen' into random state - done
CONNECTED(000000EC)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=2 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certificatio
n Services Division/CN=Thawte Server CA/Email=server-certs_at_thawte.com
verify error:num=19:self signed certificate in certificate chain
verify return:0
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:failed in SSLv3 read finished A
997:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:./ssl/s23_lib.
c:216:
2.When try -ssl2 option, It works well.
D:\Tools\openssl>openssl s_client -connect www.rnavi.isize.com:443 -state -ssl2
Loading 'screen' into random state - done
CONNECTED(000000EC)
SSL_connect:before/connect initialization
SSL_connect:SSLv2 write client hello A
depth=0 /C=JP/ST=Tokyo/L=Chuo-ku/O=Recruit Co., Ltd./OU=FIT_rn15/CN=www.rnavi.is
ize.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=JP/ST=Tokyo/L=Chuo-ku/O=Recruit Co., Ltd./OU=FIT_rn15/CN=www.rnavi.is
ize.com
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=JP/ST=Tokyo/L=Chuo-ku/O=Recruit Co., Ltd./OU=FIT_rn15/CN=www.rnavi.is
ize.com
verify error:num=21:unable to verify the first certificate
verify return:1
SSL_connect:SSLv2 read server hello A
SSL_connect:SSLv2 write client master key A
SSL_connect:SSLv2 client start encryption
SSL_connect:SSLv2 write client finished A
SSL_connect:SSLv2 read server verify A
SSL_connect:SSLv2 read server finished A
---
Server certificate
-----BEGIN CERTIFICATE-----
omit
-----END CERTIFICATE-----
subject=/C=JP/ST=Tokyo/L=Chuo-ku/O=Recruit Co., Ltd./OU=FIT_rn15/CN=www.rnavi.is
ize.com
issuer=/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits liab.)
/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server Certification Auth
ority
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
DES-CBC3-MD5
---
SSL handshake has read 1580 bytes and written 242 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
SSL-Session:
Protocol : SSLv2
Cipher : DES-CBC3-MD5
Session-ID: 00006925D2516EFE3A08DB8000000000
Session-ID-ctx:
Master-Key: E1DB316898E011658544FAC407CB315F9DB3DC4A916D2898
Key-Arg : FDC70482644DE4AA
Start Time: 973658934
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
Thanks.
Masa
> -----Original Message-----
> From: owner-curl_at_contactor.se [mailto:owner-curl_at_contactor.se]On Behalf Of Daniel Stenberg
> Sent: Tuesday, November 07, 2000 8:33 PM
> To: Curl Mailinglist
> Subject: Re: block cipher pad is wrong
>
>
> On Tue, 7 Nov 2000, Masahiro Inoue wrote:
>
> > D:\Tools\curl>curl https://www.rnavi.isize.com
> > curl: (36) SSL: error:14086081:SSL routines:SSL3_ENC:block cipher pad is wrong
> >
> > What does that means?
>
> It means OpenSSL got problems.
>
> I could repeat this problem on my solaris curl once. On repeated tries it
> didn't fail at all but that site didn't return anything either!
>
> > When accessed to the same URL via I.E or Netscape,nothing happened.
>
> They don't use openssl.
>
> It seems that if you force curl to use SSLv2 it works at least for me. Try
> the -2 option!
>
> --
> Daniel Stenberg -- curl project maintainer -- http://curl.haxx.se/
>
Received on 2000-11-08