search for: alpn

Now that 7.4 CR has delivered OpenSSL 1.0.2, I should be able to serve http/2 pages to Chrome, but I still see messages that ALPN is not enabled. OpenSSL 1.0.2 is installed: $ rpm -qa |grep openssl openssl-libs-1.0.2k-8.el7.x86_64 openssl-1.0.2k-8.el7.x86_64 But https://tools.keycdn.com/http2-test says "www.stevenstern.me" supports http 2 but ALPN is not supported. Ideas? Does anything need to be explicitly en...

...session charset: UTF-8 * using options ?--no-build-vignettes --as-cran? * checking for file ?lbmisc/DESCRIPTION? ... OK * this is package ?lbmisc? version ?0.3.0? * checking CRAN incoming feasibility ...* Trying 172.23.0.30... * TCP_NODELAY set * Connected to (nil) (172.23.0.30) port 8080 (#0) * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@ STRENGTH * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol * Curl_http_done: called premature ==...

...----------------------------------- ~ # R --slave -e 'options(internet.info = 0); foo <- readRDS(gzcon(url("https://cran.rstudio.com/src/contrib/Meta/archive.rds")))' * Trying 13.33.54.118:443... * TCP_NODELAY set * Connected to cran.rstudio.com (13.33.54.118) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: none * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server accepted to use h2 * Server certificate: * subject: CN=cran.rstudio.com...

...client certificate CA names sent >> --- >> SSL handshake has read 309 bytes and written 202 bytes >> Verification: OK >> --- >> New, (NONE), Cipher is (NONE) >> Secure Renegotiation IS NOT supported >> Compression: NONE >> Expansion: NONE >> No ALPN negotiated >> SSL-Session: >> ??? Protocol? : TLSv1.2 >> ??? Cipher??? : 0000 >> ??? Session-ID: >> ??? Session-ID-ctx: >> ??? Master-Key: >> ??? PSK identity: None >> ??? PSK identity hint: None >> ??? SRP username: None >> ??? Start Time...

...rror: CONNECTED(00000003) write:errno=0 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 309 bytes and written 202 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: ??? Protocol? : TLSv1.2 ??? Cipher??? : 0000 ??? Session-ID: ??? Session-ID-ctx: ??? Master-Key: ??? PSK identity: None ??? PSK identity hint: None ??? SRP username: None ??? Start Time: 1532969474 ??? Timeout?? : 7200 (sec) ??? Verify return code: 0 (ok) ??? Extended master...

...mp Key: X25519, 253 bits --- SSL handshake has read 2322 bytes and written 392 bytes Verification error: unable to verify the first certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 21 (unable to verify the first certificate) When I tried to connect with command line: openssl s_client -showcerts -no_tls1_3 -connect server:993 No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Ser...

...t;>> --- >>> SSL handshake has read 309 bytes and written 202 bytes >>> Verification: OK >>> --- >>> New, (NONE), Cipher is (NONE) >>> Secure Renegotiation IS NOT supported >>> Compression: NONE >>> Expansion: NONE >>> No ALPN negotiated >>> SSL-Session: >>> ??? Protocol? : TLSv1.2 >>> ??? Cipher??? : 0000 >>> ??? Session-ID: >>> ??? Session-ID-ctx: >>> ??? Master-Key: >>> ??? PSK identity: None >>> ??? PSK identity hint: None >>> ??? SRP us...

...mp Key: X25519, 253 bits --- SSL handshake has read 3041 bytes and written 393 bytes Verification error: unable to verify the first certificate --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 21 (unable to verify the first certificate) # checking my connexion with intermediate certificate openssl s_client -showcerts -connect localhost:636 -CAfile /etc/ssl/certs/ad-rep2.example.com-2020-intermediate.pem CONNECTED(00000003) Can'...

...rtificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 309 bytes and written 202 bytes > Verification: OK > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > ??? Protocol? : TLSv1.2 > ??? Cipher??? : 0000 > ??? Session-ID: > ??? Session-ID-ctx: > ??? Master-Key: > ??? PSK identity: None > ??? PSK identity hint: None > ??? SRP username: None > ??? Start Time: 1532969474 > ??? Timeout?? : 7200 (...

...en 393 bytes >> Verification error: unable to verify the first certificate >> --- >> New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 >> Server public key is 2048 bit >> Secure Renegotiation IS NOT supported >> Compression: NONE >> Expansion: NONE >> No ALPN negotiated >> Early data was not sent >> Verify return code: 21 (unable to verify the first certificate) >> >> # checking my connexion with intermediate certificate >> >> openssl s_client -showcerts -connect localhost:636 -CAfile >> /etc/ssl/certs/ad-rep2.e...

>> facing [ no shared cipher ] error with EC private keys. > the client connecting to your instance has to support ecdsa > > It does - Thunderbird 60.0b10 (64-bit) [ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ] It seems there is a difference between the private key (rsa vs. ecc -> SSL_CTX?) used for the certificate signing request and the signed certificate. The csr

...ke has read 3041 bytes and written 393 bytes > Verification error: unable to verify the first certificate > --- > New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 > Server public key is 2048 bit > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > Early data was not sent > Verify return code: 21 (unable to verify the first certificate) > > # checking my connexion with intermediate certificate > > openssl s_client -showcerts -connect localhost:636 -CAfile > /etc/ssl/certs/ad-rep2.example.com-2020-intermedia...

..._SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 305 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None Start Time: 1544521696 Timeout : 300 (sec) Verify return code: 0 (ok)...

...ec.com CONNECTED(00000004) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 199 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: PSK identity: None PSK identity hint: None SRP username: None Start Time: 1519576210 Timeout : 7200 (sec) Verify return code: 0 (ok) Ext...

...dshake has read 309 bytes and written 202 bytes > >>> Verification: OK > >>> --- > >>> New, (NONE), Cipher is (NONE) > >>> Secure Renegotiation IS NOT supported > >>> Compression: NONE > >>> Expansion: NONE > >>> No ALPN negotiated > >>> SSL-Session: > >>> ??? Protocol? : TLSv1.2 > >>> ??? Cipher??? : 0000 > >>> ??? Session-ID: > >>> ??? Session-ID-ctx: > >>> ??? Master-Key: > >>> ??? PSK identity: None > >>> ??? PSK ide...

In setting up my new mail server, I am getting the following in the logs: Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS handshaking: SSL_accept() syscall failed: Success*, session=<B9OokqCUD+UYNU8K> I have tried various ssl_protocols entries, but for now have defaulted back to

...eer signing digest: SHA512 Server Temp Key: ECDH, P-384, 384 bits --- SSL handshake has read 4882 bytes and written 360 bytes Verification: OK --- New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384 Server public key is 4096 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: ????Protocol??: TLSv1.2 ????Cipher????: ECDHE-RSA-AES256-GCM-SHA384 ????Session-ID: E75B0B35DFEFC9F6CABD8851BAA4B2A2E2AE309E3A203333C7CD9CCC4AE0C9A6 ????Session-ID-ctx:? ????Master-Key: 2D90C5223EB2265793E990153B3877E07B8FF1DCED85EB3A8FC853E3CE4E1C9A5BFF1FA 7123D7FB1CAC517A4...

...> --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 0 bytes and written 307 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.2 > Cipher : 0000 > Session-ID: > Session-ID-ctx: > Master-Key: > Key-Arg : None > PSK identity: None > PSK identity hint: None > SRP username: None > Start Time: 1557988789 &...

Hi, Does Samba-AD support TLS 1.2 for LDAPS? If yes, can some one give more details on its configuration? Regards, Ananth

...y openssl s_client -showcerts -connect ad-rep2.example.com:636 .... SSL handshake has read 6020 bytes and written 428 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 2048 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) Note : You're quite right Christopher about not using localhost. I retested with the FQDN but without the modifications Nick suggested above, It doesn't work either. By the way, should the Samba's documentation (https://wik...