[Freeswitch-users] SSL3_READ_BYTES:sslv3 alert handshake failure

[Assaf Dahary]

Hi,

 

I've successfully installed a FS server with TLS using PsitiveSSL and it is
working great.

 

Few days ago I've followed the same installation on another standalone
machine with the same FS-1.2.22 and  PsitivieSSL CA but this time I cannot
connect over TLS. 

 

It seems that FS has no cipher to response with and it fails on
negotiations.

 

The PositiveSSL is OK because I verified it locally with "openssl s_client"
and from the internet using browser/https.

 

My ssl/ pem files are made with (like I did with the first server - OK):

#cat mysite_com.crt myserver.key > agent.pem

#cat PositiveSSLCA2.crt AddTrustExternalCARoot.crt > cafile.pem

# chown freeswitch.freeswitch *.pem

#chmod 640 *.pem

 

When issuing "$ sslscan myfs.com:5091 | grep Accepted " 
I get no single cipher. I get long list of 'Rejected' ciphers.
When I'm running the same command for my first server I get a list of
supported ciphers - which is OK.
 
When 
[root at www ~]# openssl s_client -connect myfs.com:5091
CONNECTED(00000003)
depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN =
AddTrust External CA Root
verify return:1
depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited,
CN = PositiveSSL CA 2
verify return:1
depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = myfs.com
verify return:1
140160541112136:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
handshake failure:s3_pkt.c:1256:SSL alert number 40
140160541112136:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:177:
 
 
I've already re-installed FS with clean config files.
 
Centos 6.x 64, OpenSSL 1.0.1e-fips 11 Feb 2013.
 
I would appreciate any help/tip on this TLS fail issue.
 
Regards
 
Assaf
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20140422/dabeee25/attachment-0001.html