[Ach] Testing with openssl s_time fails using nginx recommendations

Kjetil Birkeland Moe kjetil at skifremme.no
Wed Aug 31 13:31:30 CEST 2016


Dear Ach members,

when using the nginx server recommendations in the Ach paper, I cannot 
get the OpenSSL /s_time/ performance testing to work. Even the server 
bettercrypto.org fails. Is this problem due to the nginx config, or with 
OpenSSL?

Running "openssl s_time -connect bettercrypto.org:443 -cipher 
AES128-GCM-SHA256 -time 2" returns "140373676381952:error:14094410:SSL 
routines:ssl3_read_bytes:sslv3 alert handshake 
failure:ssl/record/rec_layer_s3.c:1362:SSL alert number 40" in OpenSSL 
1.1.0, and "140416684930936:error:14077410:SSL 
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake 
failure:s23_clnt.c:769:" in 1.0.2h.

This problem has been found when running from Fedora 24, and also with 
other ciphers than just the one mentioned above, as 
ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-AES128-SHA, AES256-SHA, but 
not with AES128-SHA.

I am greatful for insight that would make it possible to use /s_time/ 
properly.

best regards,
Kjetil Birkeland Moe
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20160831/f299a0c9/attachment.html>


More information about the Ach mailing list