[Haskell-cafe] Taking the TLS package for a spin ... and failing

Vincent Hanquez tab at snarc.org
Mon Dec 13 09:51:29 CET 2010


On Sun, Dec 12, 2010 at 08:13:59PM +0100, Mads Lindstrøm wrote:
> Hi Haskellers,
> 
> 
> I am trying to connect a Java client to a Haskell server using the
> Haskell tls package, and things are not working out for me. There are a
> lot of steps involved and I do not know what I am doing wrong, so this
> is a long message. But first I create a private/public key-pair:

On Mon, Dec 13, 2010 at 01:22:17AM +0100, Mads Lindstrøm wrote:
> Hi again,
> 
> I found a simpler way to test the server connection, but it is still not
> working. Namely,
> 
> > openssl s_client -connect 192.168.1.6:8000

Hi Mads,

This one has to do with the fact that openssl tries to send an SSLv2 hello
message, which is not yet supported by TLS (and not in the supported Version
list in the params if it was).

Unfortunately lots of clients still do that for compatibility; even though
that doesn't buy much since nobody should connect to a pure SSLv2 server.

For the openssl cmdline, you can add a simple -ssl3 flag or -tls1 flag to start
negotiating at the right version straight away.

> [snip]
> main, WRITE: SSLv2 client hello message, length = 101
> [snip]

This line appears suspicious; I think that's exactly the same problem.  I
suppose there's a way to instantiate your Java SSL connection to SSL3 or TLS1.

It would be nice to add support for the SSLv2 hello message directly though,
but I don't have any timeline for that to happen.

-- 
Vincent
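
Added example, not part of the original message or of the tls package: a small Python classifier that tells an SSLv2-format client hello apart from an SSLv3/TLS record by looking at the first bytes a client sends, which is the distinction behind the failure discussed above. The function names and both sample byte strings are constructed for illustration.

```python
import struct

VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def classify_first_bytes(data: bytes) -> dict:
    """Classify the first bytes a client sends to a TLS listener."""
    if len(data) < 5:
        return {"kind": "too-short"}
    # SSLv2 record: 2-byte header with the high bit set and a 15-bit length,
    # followed by msg-type 1 (CLIENT-HELLO) and the highest version offered.
    if data[0] & 0x80 and data[2] == 0x01:
        length = struct.unpack("!H", data[:2])[0] & 0x7FFF
        return {"kind": "sslv2-hello", "length": length,
                "offers": VERSIONS.get((data[3], data[4]), "unknown")}
    # SSLv3/TLS record: content type 22 (handshake), version 3.x, 16-bit length.
    if data[0] == 0x16 and data[1] == 0x03:
        length = struct.unpack("!H", data[3:5])[0]
        result = {"kind": "tls-record", "length": length,
                  "record_version": VERSIONS.get((data[1], data[2]), "unknown")}
        # Handshake type 1 = ClientHello; client_version follows the 4-byte
        # handshake header, i.e. at offsets 9 and 10 of the stream.
        if len(data) >= 11 and data[5] == 0x01:
            result["offers"] = VERSIONS.get((data[9], data[10]), "unknown")
        return result
    return {"kind": "not-tls"}

def sample_sslv2_hello() -> bytes:
    """Constructed SSLv2-format hello offering TLS 1.0 (placeholder ciphers)."""
    body = (b"\x01\x03\x01" + struct.pack("!HHH", 60, 0, 32)
            + b"\x00\x00\x2f" * 20 + bytes(32))
    return struct.pack("!H", 0x8000 | len(body)) + body

def sample_tls_hello() -> bytes:
    """Constructed TLS 1.0 ClientHello inside a TLS record."""
    hello = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

if __name__ == "__main__":
    for name, blob in (("sslv2", sample_sslv2_hello()), ("tls", sample_tls_hello())):
        print(name, classify_first_bytes(blob))
```

A server that logs this classification before handing the socket to its TLS library shows at a glance whether a failed handshake came from a client using the SSLv2-compatible hello format.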


