[Ach] Testing with openssl s_time fails using nginx recommendations
Kjetil Birkeland Moe
kjetil at skifremme.no
Wed Aug 31 13:31:30 CEST 2016
Dear Ach members,
when using the nginx server recommendations in the Ach paper, I cannot
get the OpenSSL /s_time/ performance testing to work. Even the server
bettercrypto.org fails. Is this problem due to the nginx config, or with
OpenSSL?
Running "openssl s_time -connect bettercrypto.org:443 -cipher
AES128-GCM-SHA256 -time 2" returns "140373676381952:error:14094410:SSL
routines:ssl3_read_bytes:sslv3 alert handshake
failure:ssl/record/rec_layer_s3.c:1362:SSL alert number 40" in OpenSSL
1.1.0, and "140416684930936:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:769:" in 1.0.2h.
This problem has been found when running from Fedora 24, and also with
other ciphers than just the one mentioned above, as
ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA, AES256-SHA, but
not with AES128-SHA.
I am greatful for insight that would make it possible to use /s_time/
properly.
best regards,
Kjetil Birkeland Moe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20160831/f299a0c9/attachment.html>
More information about the Ach
mailing list