Mailinglist Archive: opensuse (856 mails)

Re: [opensuse] vsftpd and SSL failure WITH SOME PROGRESS
On 9/23/2016 10:42 PM, Admin Beckspaced wrote:



Thanks again Beckie - WINSCP also failed, same problem... I am batting 0 for 3 now...

ok ... did you enable debug_ssl=YES ... restart & look into the error log?

what's the error log saying?

also ... are these your self created certificate & private key?

or did you get some test cert from http://www.selfsignedcertificate.com/

just to minimize errors and make sure there's nothing wrong with the certificate & key itself?

not challenging your know-how, of course ;)

greetings & best of luck
becki

Hello again Becki and OpenSuSE folks - Sorry for my delay in responding, I got sidelined this week on other problems.... Yes I am using self signed certificates and used a more nuanced approach in generating them starting with a self signed CA, and then using it to sign a certificate for my server. The process I followed is described at - http://stackoverflow.com/questions/21297139/how-do-you-sign-certificate-signing-request-with-your-certification-authority/21340898#21340898

I also followed all the steps to verify the certificates and nothing seems wrong with them. I even imported my CA certificate into Windows and it did not complain about it either and was willing to display the contents back to me after I had installed it. So I really don't get a feeling that anything is wrong with the certificates or with the keys...

To do a bit of further testing I used openssl in its client mode to connect to my server and turned on debug messages as well. I got a different error message as can be seen in the following output, which seems suspicious to my untrained eyes but I really don't know what it means. Google is not providing me any joy either...

Doing this on my OpenSuSE server -
openssl s_client -connect localhost:21 -state -nbio
CONNECTED(00000003)
turning on non blocking io
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
write R BLOCK
SSL_connect:error in SSLv2/v3 read server hello A
139683917674128:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:795:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 261 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE


And doing this on my Windows 10 laptop using the GNU tools -

c:\Program Files (x86)\GnuWin32\bin>openssl s_client -starttls ftp -connect bigbang:21 -state -nbio
Loading 'screen' into random state - done
CONNECTED(00000208)
turning on non blocking io
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:error in SSLv2/v3 read server hello A
7848:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:./ssl/s23_clnt.c:585:

Anyone want to hazard a guess as to what this "unknown protocol" error means?

Thanks again for any and all suggestions, I am kinda lost... Marc...


--
"The Truth is out there" - Spooky
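
Added example, not part of Marc's message: OpenSSL reports "unknown protocol" when the bytes it reads in place of a ServerHello do not parse as an SSL/TLS record, and on an FTP control port the usual cause is a plaintext FTP reply. The sketch below assumes explicit FTPS (AUTH TLS on the control connection); its function names and sample bytes are constructed for illustration.

```python
import socket
import sys

def classify_first_bytes(data):
    """Say what a TLS client is looking at where it expects a ServerHello."""
    # TLS record header: content type 0x14-0x17, then major version 0x03.
    if len(data) >= 3 and data[0] in (0x14, 0x15, 0x16, 0x17) and data[1] == 0x03:
        return "tls-record"
    # FTP reply line: three ASCII digits, then a space or a '-' continuation.
    if len(data) >= 4 and data[:3].isdigit() and data[3:4] in (b" ", b"-"):
        return "plaintext-ftp-reply"
    return "unknown"

def read_reply(fp):
    """Read one FTP reply, skipping 'NNN-' continuation lines up to the final 'NNN '."""
    while True:
        raw = fp.readline()
        if not raw:
            raise ConnectionError("server closed the control connection")
        line = raw.decode("latin-1").rstrip("\r\n")
        if len(line) >= 4 and line[:3].isdigit() and line[3] == " ":
            return int(line[:3]), line[4:]

def probe_explicit_ftps(sock):
    """Run the plaintext part of explicit FTPS and report whether TLS may start."""
    fp = sock.makefile("rb")
    code, text = read_reply(fp)
    if code != 220:
        return "no FTP greeting (got %d %s)" % (code, text)
    sock.sendall(b"AUTH TLS\r\n")
    code, text = read_reply(fp)
    if code == 234:
        return "server accepted AUTH TLS; a TLS handshake may start now"
    # Any other reply means the server stays in plaintext, so a ClientHello
    # sent at this point is answered with FTP text instead of a ServerHello.
    return "server refused AUTH TLS (%d %s)" % (code, text)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: script.py HOST  (probes the control port, assumed to be 21)
        with socket.create_connection((sys.argv[1], 21), timeout=10) as s:
            print(probe_explicit_ftps(s))
    else:
        # Constructed samples: an FTP banner prefix and a TLS handshake record header.
        for sample in (b"220 (vsF", bytes([0x16, 0x03, 0x01, 0x00, 0x31])):
            print(sample, "->", classify_first_bytes(sample))
```

Run against a server, a reply other than 234 to AUTH TLS means the daemon is not offering TLS on that connection, which is a server configuration question rather than a certificate one.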
