When I tried to connect to Openfire port 5223 using the openssl command below,
openssl s_client -cipher ECDHE-RSA-AES256-GCM-SHA384 -connect 127.0.0.1:5223
it got stuck at the CONNECTED(00000003) message and never returned until Ctrl+C was pressed.
openssl s_client -debug -cipher ECDHE-RSA-AES256-GCM-SHA384 -connect 127.0.0.1:5223
CONNECTED(00000003)
write to 0x1c608d0 [0x1c9c590] (119 bytes => 119 (0x77))
0000 - 16 03 01 00 72 01 00 00-6e 03 03 5c 0a 33 8b 63   ....r...n..\.3.c
0010 - f1 f4 8b fe a5 c1 72 6a-c7 f2 d5 e0 60 00 bc 20   ......rj....`.. 
0020 - a1 3f e3 d9 55 c8 fa 5a-c3 b1 b7 00 00 04 c0 30   .?..U..Z.......0
0030 - 00 ff 01 00 00 41 00 0b-00 04 03 00 01 02 00 0a   .....A..........
0040 - 00 08 00 06 00 19 00 18-00 17 00 23 00 00 00 0d   ...........#....
0050 - 00 20 00 1e 06 01 06 02-06 03 05 01 05 02 05 03   . ..............
0060 - 04 01 04 02 04 03 03 01-03 02 03 03 02 01 02 02   ................
0070 - 02 03 00 0f 00 01 01                              .......
Openfire version : 4.2.3
openssl version : openssl-1.0.1e-57.el6.x86_64
OS: linux
This particular cipher, ECDHE-RSA-AES256-GCM-SHA384, is not in the allowed list of ciphers according to the server configuration. Still, it does not throw any error and gets stuck at the CONNECTED(00000003) message.
But the same command run against port 7443 throws the correct error and exits after execution.
openssl s_client -cipher ECDHE-RSA-AES256-GCM-SHA384 -connect 127.0.0.1:7443
CONNECTED(00000003)
140370146608968:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 119 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
Running a good cipher against port 5223 also works properly.
Does anybody know the reason it gets stuck when executing against 5223?
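
Added example, not part of the original post: decoding the 119-byte ClientHello from the -debug dump above confirms what the client actually offered on port 5223 before the server went silent. The function and variable names are assumptions made for this illustration; the bytes are the ones shown in the dump.

```python
import struct

# ClientHello bytes copied from the -debug dump in the post (119 bytes).
DUMP = """
16 03 01 00 72 01 00 00 6e 03 03 5c 0a 33 8b 63
f1 f4 8b fe a5 c1 72 6a c7 f2 d5 e0 60 00 bc 20
a1 3f e3 d9 55 c8 fa 5a c3 b1 b7 00 00 04 c0 30
00 ff 01 00 00 41 00 0b 00 04 03 00 01 02 00 0a
00 08 00 06 00 19 00 18 00 17 00 23 00 00 00 0d
00 20 00 1e 06 01 06 02 06 03 05 01 05 02 05 03
04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02
02 03 00 0f 00 01 01
"""

# IANA names for the two cipher-suite code points present in this hello.
SUITES = {0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
          0x00FF: "TLS_EMPTY_RENEGOTIATION_INFO_SCSV"}

def parse_client_hello(raw: bytes) -> dict:
    """Decode one TLS record holding a ClientHello; ValueError if lengths disagree."""
    rtype, rec_ver, rec_len = struct.unpack_from("!BHH", raw, 0)
    if rtype != 0x16 or rec_len != len(raw) - 5:
        raise ValueError("not a complete handshake record")
    hs_type, hs_len = raw[5], int.from_bytes(raw[6:9], "big")
    if hs_type != 0x01 or hs_len != rec_len - 4:
        raise ValueError("not a ClientHello")
    pos = 9
    (client_ver,) = struct.unpack_from("!H", raw, pos)
    pos += 2 + 32                      # skip client_version and 32-byte random
    pos += 1 + raw[pos]                # skip session_id
    (cs_len,) = struct.unpack_from("!H", raw, pos)
    suites = [c for (c,) in struct.iter_unpack("!H", raw[pos + 2:pos + 2 + cs_len])]
    pos += 2 + cs_len
    pos += 1 + raw[pos]                # skip compression methods
    (ext_len,) = struct.unpack_from("!H", raw, pos)
    pos += 2
    end, ext_types = pos + ext_len, []
    while pos + 4 <= end:              # walk the type/length/value extension list
        etype, elen = struct.unpack_from("!HH", raw, pos)
        ext_types.append(etype)
        pos += 4 + elen
    if pos != len(raw):
        raise ValueError("trailing or truncated extension data")
    return {"record_version": rec_ver, "client_version": client_ver,
            "cipher_suites": [SUITES.get(c, hex(c)) for c in suites],
            "extension_types": ext_types}

if __name__ == "__main__":
    print(parse_client_hello(bytes.fromhex(DUMP)))
```

The hello is well formed and lists only the requested suite plus the renegotiation SCSV, so the silence on 5223 is the server not answering a valid ClientHello rather than the client sending something malformed.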