Discussion:
TLS handshake failure i/o timeout
espeake-z3OK0Yh6KsD9d7wJ/
2014-09-18 13:02:16 UTC
I have an Ubuntu 14.04 with openssl 1.0.1f-1ubuntu2.3 server running and
another server connecting as the client with Ubuntu 12.04 with openssl
1.0.1-4ubuntu5.16. I am getting an error about the TLS handshake failing
i/o timeout. I have tried using our internal wildcard certs on both
servers since I already have that on my web server, aka the client, and
I generated a self-signed cert on the server and copied it to the client.
Both produce the same results.

On the server I took a tcpdump and then did an ssldump of that file and this
is what I am seeing for every connection:

210 1 0.0012 (0.0012) C>S Handshake
    ClientHello
        Version 3.1
        cipher suites
            TLS_RSA_WITH_RC4_128_SHA
            TLS_RSA_WITH_3DES_EDE_CBC_SHA
            TLS_RSA_WITH_AES_128_CBC_SHA
            TLS_RSA_WITH_AES_256_CBC_SHA
            Unknown value 0xc011
            Unknown value 0xc012
            Unknown value 0xc013
            Unknown value 0xc014
        compression methods
            NULL

I have been looking through posts trying to find an answer with no luck yet.
Any and all help is appreciated.

Thanks,
Eric Speake
Web Systems Administrator
O'Reilly Auto Parts
(417) 862-2674 Ext. 1975

This communication and any attachments are confidential, protected by Communications Privacy Act 18 USCS § 2510, solely for the use of the intended recipient, and may contain legally privileged material. If you are not the intended recipient, please return or destroy it immediately. Thank you.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users-MCmKBN63+***@public.gmane.org
Automated List Manager majordomo-MCmKBN63+***@public.gmane.org
Kyle Hamilton
2014-09-18 18:26:18 UTC
This may sound basic, but have you verified that the firewall on the server is set up to allow communication from the client? I think Ubuntu's firewall rejects all traffic to ports that don't match what its installed and configured packages claim they run on, without external configuration.

-Kyle H
espeake-z3OK0Yh6KsD9d7wJ/
2014-09-18 20:22:22 UTC
Kyle,

Thanks for the reply. It was a certificate issue. After I was able to line
up the correct certs with the correct key it started working as advertised.

Thank you,
Eric Speake
Web Systems Administrator
O'Reilly Auto Parts
(417) 862-2674 Ext. 1975
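
The certificate/key mismatch reported as the cause above can be checked directly. This is an added example, not part of the thread: it compares the public key inside a certificate with the one derived from a private key using `openssl x509` and `openssl pkey`. The function names, the script name `check_pair.sh` and the `make_pair` helper are hypothetical, and the pair it generates is constructed sample data.

```shell
#!/bin/sh
# Added example: does this certificate belong to this private key?
# Compares the public key embedded in the certificate with the public key
# derived from the private key (PEM input, RSA or EC).

cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# cert_matches_key CERT KEY
# returns 0 = match, 1 = mismatch, 2 = a file could not be parsed
cert_matches_key() {
    c=$(cert_pubkey "$1") || return 2
    k=$(key_pubkey "$2") || return 2
    # Guard against two unreadable files comparing equal as empty strings.
    [ -n "$c" ] && [ -n "$k" ] || return 2
    [ "$c" = "$k" ]
}

# make_pair DIR NAME (hypothetical helper): writes a throwaway self-signed
# certificate and key, used only as constructed sample input.
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=$2.example.test" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Stand-alone use: sh check_pair.sh server.crt server.key
if [ "$#" -eq 2 ]; then
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) echo "OK: certificate and key match" ;;
        1) echo "MISMATCH: certificate was not issued for this key" ;;
        *) echo "ERROR: could not read certificate or key" ;;
    esac
fi
```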


