On m'a posé la question du handshake, mais la commande openssl en utilisant -prexit ou -msg ou même en spécifiant -tls1 ou -ssl3, rien n'y fait/ne m'aide.
root@DB:/etc/ldap/cert_old# openssl s_client -prexit -connect db.m0le.net:636 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:unknown state
140642600560296:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 308 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
root@DB:/etc/ldap/cert_old# openssl s_client -tls1 -connect db.m0le.net:636 -state [32/1540]
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:failed in SSLv3 read server hello A
140083957143208:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1410423787
Timeout : 7200(sec)
Verify return code: 0(ok)
---
root@DB:/etc/ldap/cert_old# openssl s_client -ssl3 -connect db.m0le.net:636 -state [1/1540]
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:failed in SSLv3 read server hello A
140624822658728:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv3
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1410423801
Timeout : 7200(sec)
Verify return code: 0(ok)
---
# Debug handshake
Posté par Nono (site web personnel) . En réponse au message LDAP over TLS - unsupported extended operation. Évalué à 1.
On m'a posé la question du handshake, mais la commande openssl en utilisant -prexit ou -msg ou même en spécifiant -tls1 ou -ssl3, rien n'y fait/ne m'aide.
de même
Donc, pas vraiment d'idée :/