
OpenSSL connect using a bad cipher stuck at CONNECTED(00000003)


#1

When I tried to connect to Openfire port 5223 using the openssl command below,

openssl s_client -cipher ECDHE-RSA-AES256-GCM-SHA384 -connect 127.0.0.1:5223

it got stuck at the CONNECTED(00000003) message and never returned until Ctrl+C was pressed.


openssl s_client -debug -cipher ECDHE-RSA-AES256-GCM-SHA384 -connect 127.0.0.1:5223
CONNECTED(00000003)
write to 0x1c608d0 [0x1c9c590] (119 bytes => 119 (0x77))

Openfire version : 4.2.3
openssl version : openssl-1.0.1e-57.el6.x86_64
OS: linux

This particular cipher, ECDHE-RSA-AES256-GCM-SHA384, is not in the allowed list of ciphers according to the server configuration. Still, it does not throw any error and gets stuck at the CONNECTED(00000003) message.

But the same command run against port 7443 throws the correct error and exits after execution.

openssl s_client -cipher ECDHE-RSA-AES256-GCM-SHA384 -connect 127.0.0.1:7443
CONNECTED(00000003)
140370146608968:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 119 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

Running a good cipher against port 5223 also works properly.

Does anybody know the reason it gets stuck when executing against 5223?
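
Added example, not part of the original post: a probe that offers a single cipher with a handshake timeout, so a listener that stays silent (as reported for 5223) is told apart from one that refuses the handshake (as reported for 7443) without needing Ctrl+C. The names `probe_cipher` and `start_stub` are hypothetical, and the two stub listeners are constructed stand-ins for the two behaviours, not Openfire itself.

```python
import socket
import ssl
import threading

def probe_cipher(host, port, cipher, timeout=5.0):
    """Offer only `cipher` in a TLS 1.2 handshake and classify the outcome:
    'accepted', 'rejected' (alert or connection closed), or 'no-response'
    (server stayed silent until `timeout`, the hang described in the post)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # cipher-policy probe only, no trust decision
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2  # set_ciphers() does not cover TLS 1.3 suites
    ctx.set_ciphers(cipher)
    # Connection errors (e.g. port closed) propagate; only the handshake is classified.
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw):
                return "accepted"
        except socket.timeout:
            return "no-response"
        except OSError:  # ssl.SSLError, reset, or EOF during the handshake
            return "rejected"

def start_stub(silent):
    """Constructed stand-in for a listener (assumption, not Openfire): reads
    the ClientHello, then either stays silent or closes the connection."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # ephemeral port on loopback
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        if silent:
            threading.Event().wait(30)  # hold the socket open, send nothing
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    cipher = "ECDHE-RSA-AES256-GCM-SHA384"
    print(probe_cipher("127.0.0.1", start_stub(silent=True), cipher, timeout=2))
    print(probe_cipher("127.0.0.1", start_stub(silent=False), cipher, timeout=2))
```

Pointed at a real listener, a `no-response` result for a cipher outside the allowed list means the client received neither an alert nor a close within the timeout.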