[rabbitmq-discuss] sslv3 alert handshake failure for TLS Web Server certificates
Nathaniel Haggard
natester at gmail.com
Wed Oct 26 17:49:09 BST 2011
On Wed, Oct 26, 2011 at 2:48 AM, Matthias Radestock
<matthias at rabbitmq.com> wrote:
> Nate,
>
> On 25/10/11 17:52, Nathaniel Haggard wrote:
>>
>> On Mon, Oct 24, 2011 at 5:36 PM, Alexandru Scvorţov
>>>
>>> So, are you using the same version of Erlang in both tests?
>>
>> Yes.
>
> ok. But...
>
>> The tests I'm do go like this:
>>
>> 1. openssl s_client -host 127.0.0.1 -port 5671 -key
>> keys/serverlike.key -cert keys/serverlike.crt
>> 2. openssl s_client -host 127.0.0.1 -port 5671 -key
>> keys/clientlike.key -cert keys/clientlike.crt
>> 3. openssl s_client -host myrabbit172 -port 5671 -key
>> keys/serverlike.key -cert keys/serverlike.crt
>> 4. openssl s_client -host myrabbit172 -port 5671 -key
>> keys/clientlike.key -cert keys/clientlike.crt
>>
>> 1 fails and 2 passes on rabbitmq-2.4.1 with erlang R14B03.
>>
>> 3 and 4 pass on rabbitmq-1.7.2 with erlang R13B04.
>
> ...that's two different versions of Erlang.
Yes, I used the same version of erlang for both 1. and 2. and a
different version of erlang for both 3 and 4.
It looks like erlang does care about extended key usage since OTP-8554
"Ssl now correctly verifies the extended_key_usage extension and also
allows the user to verify application specific extensions by supplying
an appropriate fun."
-http://www.erlang.org/download/otp_src_R14A.readme
More information about the rabbitmq-discuss
mailing list