[Freeswitch-users] SSL3_READ_BYTES:sslv3 alert handshake failure
adahary at gmail.com
Tue Apr 22 16:46:29 MSD 2014
I've successfully installed a FS server with TLS using PsitiveSSL and it is
Few days ago I've followed the same installation on another standalone
machine with the same FS-1.2.22 and PsitivieSSL CA but this time I cannot
connect over TLS.
It seems that FS has no cipher to response with and it fails on
The PositiveSSL is OK because I verified it locally with "openssl s_client"
and from the internet using browser/https.
My ssl/ pem files are made with (like I did with the first server - OK):
#cat mysite_com.crt myserver.key > agent.pem
#cat PositiveSSLCA2.crt AddTrustExternalCARoot.crt > cafile.pem
# chown freeswitch.freeswitch *.pem
#chmod 640 *.pem
When issuing "$ sslscan myfs.com:5091 | grep Accepted "
I get no single cipher. I get long list of 'Rejected' ciphers.
When I'm running the same command for my first server I get a list of
supported ciphers - which is OK.
[root at www ~]# openssl s_client -connect myfs.com:5091
depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN =
AddTrust External CA Root
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited,
CN = PositiveSSL CA 2
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = myfs.com
140160541112136:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure:s3_pkt.c:1256:SSL alert number 40
140160541112136:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
I've already re-installed FS with clean config files.
Centos 6.x 64, OpenSSL 1.0.1e-fips 11 Feb 2013.
I would appreciate any help/tip on this TLS fail issue.
-------------- next part --------------
An HTML attachment was scrubbed...
Join us at ClueCon 2013 Aug 6-8, 2013
More information about the FreeSWITCH-users