Displaying 20 results from an estimated 42 matches for "alpn".
Did you mean:
alan
2017 Aug 26
2
ALPN and Http/2, CentOS 7.4
Now that 7.4 CR has delivered OpenSSL 1.0.2, I should be able to serve
http/2 pages to Chrome, but I still see messages that ALPN is not enabled.
OpenSSL 1.0.2 is installed:
$ rpm -qa |grep openssl
openssl-libs-1.0.2k-8.el7.x86_64
openssl-1.0.2k-8.el7.x86_64
But https://tools.keycdn.com/http2-test says "www.stevenstern.me"
supports http 2 but ALPN is not supported.
Ideas? Does anything need to be explicitly en...
2017 Feb 06
0
Fwd: issue
...session charset: UTF-8
* using options ?--no-build-vignettes --as-cran?
* checking for file ?lbmisc/DESCRIPTION? ... OK
* this is package ?lbmisc? version ?0.3.0?
* checking CRAN incoming feasibility ...* Trying 172.23.0.30...
* TCP_NODELAY set
* Connected to (nil) (172.23.0.30) port 8080 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@
STRENGTH
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
* Curl_http_done: called premature ==...
2020 Jan 22
1
Memory error in the libcurl connection code
...-----------------------------------
~ # R --slave -e 'options(internet.info = 0); foo <-
readRDS(gzcon(url("https://cran.rstudio.com/src/contrib/Meta/archive.rds")))'
* Trying 13.33.54.118:443...
* TCP_NODELAY set
* Connected to cran.rstudio.com (13.33.54.118) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=cran.rstudio.com...
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...client certificate CA names sent
>> ---
>> SSL handshake has read 309 bytes and written 202 bytes
>> Verification: OK
>> ---
>> New, (NONE), Cipher is (NONE)
>> Secure Renegotiation IS NOT supported
>> Compression: NONE
>> Expansion: NONE
>> No ALPN negotiated
>> SSL-Session:
>> ??? Protocol? : TLSv1.2
>> ??? Cipher??? : 0000
>> ??? Session-ID:
>> ??? Session-ID-ctx:
>> ??? Master-Key:
>> ??? PSK identity: None
>> ??? PSK identity hint: None
>> ??? SRP username: None
>> ??? Start Time...
2018 Jul 30
2
2.3.2.1 - EC keys suppport?
...rror:
CONNECTED(00000003)
write:errno=0
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 309 bytes and written 202 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
??? Protocol? : TLSv1.2
??? Cipher??? : 0000
??? Session-ID:
??? Session-ID-ctx:
??? Master-Key:
??? PSK identity: None
??? PSK identity hint: None
??? SRP username: None
??? Start Time: 1532969474
??? Timeout?? : 7200 (sec)
??? Verify return code: 0 (ok)
??? Extended master...
2019 Jul 18
1
Dovecot 2.3.0 TLS
...mp Key: X25519, 253 bits
---
SSL handshake has read 2322 bytes and written 392 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
When I tried to connect with command line: openssl s_client -showcerts -no_tls1_3 -connect server:993
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Ser...
2018 Jul 30
0
2.3.2.1 - EC keys suppport?
...t;>> ---
>>> SSL handshake has read 309 bytes and written 202 bytes
>>> Verification: OK
>>> ---
>>> New, (NONE), Cipher is (NONE)
>>> Secure Renegotiation IS NOT supported
>>> Compression: NONE
>>> Expansion: NONE
>>> No ALPN negotiated
>>> SSL-Session:
>>> ??? Protocol? : TLSv1.2
>>> ??? Cipher??? : 0000
>>> ??? Session-ID:
>>> ??? Session-ID-ctx:
>>> ??? Master-Key:
>>> ??? PSK identity: None
>>> ??? PSK identity hint: None
>>> ??? SRP us...
2020 Aug 04
2
Problem with intermediate certificate (tls cafile)
...mp Key: X25519, 253 bits
---
SSL handshake has read 3041 bytes and written 393 bytes
Verification error: unable to verify the first certificate
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 21 (unable to verify the first certificate)
# checking my connexion with intermediate certificate
openssl s_client -showcerts -connect localhost:636 -CAfile
/etc/ssl/certs/ad-rep2.example.com-2020-intermediate.pem
CONNECTED(00000003)
Can'...
2018 Jul 30
0
2.3.2.1 - EC keys suppport?
...rtificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 309 bytes and written 202 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
> ??? Protocol? : TLSv1.2
> ??? Cipher??? : 0000
> ??? Session-ID:
> ??? Session-ID-ctx:
> ??? Master-Key:
> ??? PSK identity: None
> ??? PSK identity hint: None
> ??? SRP username: None
> ??? Start Time: 1532969474
> ??? Timeout?? : 7200 (...
2020 Aug 06
4
Problem with intermediate certificate (tls cafile)
...en 393 bytes
>> Verification error: unable to verify the first certificate
>> ---
>> New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
>> Server public key is 2048 bit
>> Secure Renegotiation IS NOT supported
>> Compression: NONE
>> Expansion: NONE
>> No ALPN negotiated
>> Early data was not sent
>> Verify return code: 21 (unable to verify the first certificate)
>>
>> # checking my connexion with intermediate certificate
>>
>> openssl s_client -showcerts -connect localhost:636 -CAfile
>> /etc/ssl/certs/ad-rep2.e...
2018 Jul 29
4
2.3.2.1 - EC keys suppport?
>> facing [ no shared cipher ] error with EC private keys.
> the client connecting to your instance has to support ecdsa
>
>
It does - Thunderbird 60.0b10 (64-bit)
[ security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384;true ]
It seems there is a difference between the private key (rsa vs. ecc ->
SSL_CTX?) used for the certificate signing request and the signed
certificate.
The csr
2020 Aug 06
0
Problem with intermediate certificate (tls cafile)
...ke has read 3041 bytes and written 393 bytes
> Verification error: unable to verify the first certificate
> ---
> New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
> Server public key is 2048 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 21 (unable to verify the first certificate)
>
> # checking my connexion with intermediate certificate
>
> openssl s_client -showcerts -connect localhost:636 -CAfile
> /etc/ssl/certs/ad-rep2.example.com-2020-intermedia...
2018 Dec 11
3
"no shared cypher", no matter what I try
..._SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1544521696
Timeout : 300 (sec)
Verify return code: 0 (ok)...
2018 Feb 25
3
Unexpected config results with local_name + multiple SSL certs
...ec.com
CONNECTED(00000004)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 199 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1519576210
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Ext...
2018 Jul 30
3
2.3.2.1 - EC keys suppport?
...dshake has read 309 bytes and written 202 bytes
> >>> Verification: OK
> >>> ---
> >>> New, (NONE), Cipher is (NONE)
> >>> Secure Renegotiation IS NOT supported
> >>> Compression: NONE
> >>> Expansion: NONE
> >>> No ALPN negotiated
> >>> SSL-Session:
> >>> ??? Protocol? : TLSv1.2
> >>> ??? Cipher??? : 0000
> >>> ??? Session-ID:
> >>> ??? Session-ID-ctx:
> >>> ??? Master-Key:
> >>> ??? PSK identity: None
> >>> ??? PSK ide...
2019 Oct 11
3
Error: SSL_accept() syscall failed
In setting up my new mail server, I am getting the following in the logs:
Oct 11 07:10:59 kumo dovecot[5704]: imap-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=24.53.79.10, lip=172.26.12.90, *TLS
handshaking: SSL_accept() syscall failed: Success*,
session=<B9OokqCUD+UYNU8K>
I have tried various ssl_protocols entries, but for now have defaulted
back to
2018 Jul 24
1
dovecot sometimes sends non-default SSL cert if IMAP client won't send SNI
...eer signing digest: SHA512
Server Temp Key: ECDH, P-384, 384 bits
---
SSL handshake has read 4882 bytes and written 360 bytes
Verification: OK
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 4096 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
????Protocol??: TLSv1.2
????Cipher????: ECDHE-RSA-AES256-GCM-SHA384
????Session-ID:
E75B0B35DFEFC9F6CABD8851BAA4B2A2E2AE309E3A203333C7CD9CCC4AE0C9A6
????Session-ID-ctx:?
????Master-Key:
2D90C5223EB2265793E990153B3877E07B8FF1DCED85EB3A8FC853E3CE4E1C9A5BFF1FA
7123D7FB1CAC517A4...
2019 May 16
0
imap failing
...> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 307 bytes
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
> Protocol : TLSv1.2
> Cipher : 0000
> Session-ID:
> Session-ID-ctx:
> Master-Key:
> Key-Arg : None
> PSK identity: None
> PSK identity hint: None
> SRP username: None
> Start Time: 1557988789
&...
2019 May 29
2
TLS 1.2 Support Samba-AD
Hi,
Does Samba-AD support TLS 1.2 for LDAPS? If yes, can some one give more
details on its configuration?
Regards,
Ananth
2020 Aug 10
0
[Solved] Problem with intermediate certificate (tls cafile)
...y
openssl s_client -showcerts -connect ad-rep2.example.com:636
....
SSL handshake has read 6020 bytes and written 428 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
Note : You're quite right Christopher about not using localhost. I
retested with the FQDN but without the modifications Nick suggested
above, It doesn't work either.
By the way, should the Samba's documentation
(https://wik...