datanoise / openssl.cr

OpenSSL binding for Crystal language
MIT License

Unable to complete the handshake #4

Closed bararchy closed 9 years ago

bararchy commented 9 years ago

I'm using the following code:

require "../src/openssl"
require "socket"

begin
  tcp_server = TCPServer.new(55555)
rescue e : Exception
  puts "Error in socket: #{e}"
end

if tcp_server
  context = OpenSSL::SSL::Context.new(OpenSSL::SSL::Method::SSLv23)
  context.private_key_file = "new.key"
  context.certificate_file = "cert.pem"
  context.cipher_list = "HIGH:!aNULL:!kRSA:!PSK:!SRP!MD5:!RC4"
  #context.set_options(LibSSL::OP_NO_SSLv2 | LibSSL::OP_NO_SSLv3)
  puts context.inspect
  loop do
    begin
      client = tcp_server.accept
      puts "In loop! accepted connection: #{client.inspect}"
      OpenSSL::SSL::Socket.new_server(client, context) do |ssl_server|
        buf :: UInt8[512]
        slice = buf.to_slice
        loop do
          len = ssl_server.read(slice)
          if len > 0
            ssl_server.write(slice[0, len])
          else
            break
          end
        end
      end
    rescue e : Exception
      puts "Error in SSL socket: #{e.message}\r\nlog: #{e.backtrace}"
    end
  end
end

Using your lib, latest version (I have a key.pem and cert.pem which I know work with Ruby). And I try scanning my socket using:

1) https://github.com/bararchy/ruby-SSLscanner
2) https://github.com/rbsec/sslscan

Both show that the server doesn't support any cipher, and from the server I get those errors:

Error in SSL socket: error:140780E5:SSL routines:ssl23_read:ssl handshake failure
log: ["*Exception@Exception#initialize<OpenSSL::SSL::SSLError, String?>:Array(String) +46 [0]", "*OpenSSL::SSL::SSLError@OpenSSL::OpenSSLError#initialize<OpenSSL::SSL::SSLError, Nil>:Array(String) +98 [0]", "*OpenSSL::SSL::SSLError::new<Nil>:OpenSSL::SSL::SSLError +114 [0]", "*OpenSSL::SSL::SSLError::new:OpenSSL::SSL::SSLError +8 [0]", "*OpenSSL::SSL::Socket#check_error<OpenSSL::SSL::Socket, Int32>:Nil +18 [0]", "*OpenSSL::SSL::Socket#read<OpenSSL::SSL::Socket, Slice(UInt8), Int32>:Int32 +87 [0]", "*OpenSSL::SSL::Socket@IO#read<OpenSSL::SSL::Socket, Slice(UInt8)>:Int32 +60 [0]", "__crystal_main +3121 [0]", "main +32 [0]", "__libc_start_main +240 [0]", "_start +41 [0]", " +41 [0]"]
In loop! accepted connection: #<TCPSocket:fd 69>
Error in SSL socket: error:140780E5:SSL routines:ssl23_read:ssl handshake failure
log: ["*Exception@Exception#initialize<OpenSSL::SSL::SSLError, String?>:Array(String) +46 [0]", "*OpenSSL::SSL::SSLError@OpenSSL::OpenSSLError#initialize<OpenSSL::SSL::SSLError, Nil>:Array(String) +98 [0]", "*OpenSSL::SSL::SSLError::new<Nil>:OpenSSL::SSL::SSLError +114 [0]", "*OpenSSL::SSL::SSLError::new:OpenSSL::SSL::SSLError +8 [0]", "*OpenSSL::SSL::Socket#check_error<OpenSSL::SSL::Socket, Int32>:Nil +18 [0]", "*OpenSSL::SSL::Socket#read<OpenSSL::SSL::Socket, Slice(UInt8), Int32>:Int32 +87 [0]", "*OpenSSL::SSL::Socket@IO#read<OpenSSL::SSL::Socket, Slice(UInt8)>:Int32 +60 [0]", "__crystal_main +3121 [0]", "main +32 [0]", "__libc_start_main +240 [0]", "_start +41 [0]", " +41 [0]"]
In loop! accepted connection: #<TCPSocket:fd 70>
Error in SSL socket: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher
log: ["*Exception@Exception#initialize<OpenSSL::SSL::SSLError, String?>:Array(String) +46 [0]", "*OpenSSL::SSL::SSLError@OpenSSL::OpenSSLError#initialize<OpenSSL::SSL::SSLError, Nil>:Array(String) +98 [0]", "*OpenSSL::SSL::SSLError::new<Nil>:OpenSSL::SSL::SSLError +114 [0]", "*OpenSSL::SSL::SSLError::new:OpenSSL::SSL::SSLError +8 [0]", "*OpenSSL::SSL::Socket#check_error<OpenSSL::SSL::Socket, Int32>:Nil +18 [0]", "*OpenSSL::SSL::Socket#read<OpenSSL::SSL::Socket, Slice(UInt8), Int32>:Int32 +87 [0]", "*OpenSSL::SSL::Socket@IO#read<OpenSSL::SSL::Socket, Slice(UInt8)>:Int32 +60 [0]", "__crystal_main +3121 [0]", "main +32 [0]", "__libc_start_main +240 [0]", "_start +41 [0]", " +41 [0]"]

bararchy commented 9 years ago

Also OpenSSL s_client shows this:

openssl s_client -host 127.0.0.1 -port 55555
CONNECTED(00000003)
140014019843728:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 348 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---

datanoise commented 9 years ago

According to the error messages, the server couldn't negotiate a cipher algorithm. Is there any particular reason why you need to explicitly disable RSA (!kRSA)? My guess is that RSA is used as a signature algorithm in your certificate.

Anyway, I think this is more of an OpenSSL-related question, nothing to do with the binding per se.

bararchy commented 9 years ago

@datanoise my bad... this is what happens when you overkill with hardening

Working with "!ADH:!RC4:!aNULL:!MD5:!EXPORT:!SSLv2:HIGH"

Sorry. Closing issue.
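
An added check, not part of the original thread and not the binding's own code: it uses Python's standard `ssl` module to expand the two cipher strings quoted above with the local OpenSSL and compare which key-exchange and authentication classes each one leaves enabled. The helper names are illustrative, and the exact suite counts depend on the installed OpenSSL build.

```python
import ssl
from collections import Counter

# Cipher strings quoted verbatim from the thread.
FAILING = "HIGH:!aNULL:!kRSA:!PSK:!SRP!MD5:!RC4"
WORKING = "!ADH:!RC4:!aNULL:!MD5:!EXPORT:!SSLv2:HIGH"


def expand(cipher_string):
    """Expand an OpenSSL cipher string using the local library.

    TLS 1.3 suites are skipped because this string does not govern them.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [c for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def kex_auth_counts(cipher_string):
    """Count enabled suites per (key exchange, authentication) pair."""
    return Counter(
        (c["kea"] or "?", c["auth"] or "?") for c in expand(cipher_string)
    )


def kex_classes(cipher_string):
    """Set of key-exchange classes the string leaves enabled."""
    return {kea for kea, _auth in kex_auth_counts(cipher_string)}


def removed_suites(strict, loose):
    """Suite names enabled by `loose` but not by `strict`."""
    kept = {c["name"] for c in expand(strict)}
    return sorted(c["name"] for c in expand(loose) if c["name"] not in kept)


if __name__ == "__main__":
    for label, rule in (("failing", FAILING), ("working", WORKING)):
        print(f"{label}: {rule}")
        for (kea, auth), count in sorted(kex_auth_counts(rule).items()):
            print(f"  {kea:16} {auth:12} {count:3} suites")
    lost = removed_suites(FAILING, WORKING)
    print(f"{len(lost)} suites enabled only by the working string, e.g. {lost[:5]}")
```

If the first string leaves only `kx-ecdhe` and `kx-dhe`, every remaining suite needs ephemeral (EC)DH parameters on the server side; whether the binding configured them is not stated in the thread.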