[Freeswitch-users] SSL3_READ_BYTES:sslv3 alert handshake failure

Steven Ayre steveayre at gmail.com
Tue Apr 22 18:31:55 MSD 2014


Can't help you with what the issue would be (though I'd verify your
date/time settings are correct)... but I would update your OpenSSL version
since 1.0.1e is vulnerable to the Heartbleed bug.


On 22 April 2014 13:46, Assaf Dahary <adahary at gmail.com> wrote:

> Hi,
>
> I've successfully installed an FS server with TLS using PositiveSSL and it
> is working great.
>
> A few days ago I followed the same installation on another standalone
> machine with the same FS-1.2.22 and PositiveSSL CA but this time I cannot
> connect over TLS.
>
> It seems that FS has no cipher to respond with and it fails on
> negotiations.
>
> The PositiveSSL is OK because I verified it locally with "openssl
> s_client" and from the internet using browser/https.
>
> My ssl/ pem files are made with (like I did with the first server - OK):
>
> # cat mysite_com.crt myserver.key > agent.pem
> # cat PositiveSSLCA2.crt AddTrustExternalCARoot.crt > cafile.pem
> # chown freeswitch.freeswitch *.pem
> # chmod 640 *.pem
>
> When issuing "$ sslscan myfs.com:5091 | grep Accepted "
> I get not a single cipher. I get a long list of 'Rejected' ciphers.
>
> When I'm running the same command for my first server I get a list of
> supported ciphers – which is OK.
>
> When
>
> [root at www ~]# openssl s_client -connect myfs.com:5091
> CONNECTED(00000003)
> depth=2 C = SE, O = AddTrust AB, OU = AddTrust External TTP Network, CN = AddTrust External CA Root
> verify return:1
> depth=1 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA Limited, CN = PositiveSSL CA 2
> verify return:1
> depth=0 OU = Domain Control Validated, OU = PositiveSSL, CN = myfs.com
> verify return:1
> 140160541112136:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1256:SSL alert number 40
> 140160541112136:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
>
> I've already re-installed FS with clean config files.
>
> Centos 6.x 64, OpenSSL 1.0.1e-fips 11 Feb 2013.
>
> I would appreciate any help/tip on this TLS fail issue.
>
> Regards
>
> Assaf