Ubuntu
openssl package

Bug #899464
Comment #2

Comment 2 for bug 899464

Revision history for this message

Finjon Kiang (kiange) wrote on 2011-12-06:

I haven't gotten response from that site. But if it's disabled by default, how to open it? The option '-ssl2' had been removed from the program in the latest version.

The following results were fetched from 0.9.8g-4ubuntu3.13 @ Ubuntu 8.04.4 LTS:

:~$ openssl s_client -ssl3 -host aquarius.neweb.com.tw -port 443
CONNECTED(00000003)
15872:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:

:~$ openssl s_client -ssl2 -host aquarius.neweb.com.tw -port 443
CONNECTED(00000003)
depth=0 /C=TW/postalCode=11510/ST=Taiwan/L=Taipei/streetAddress=7F., No.52, Sec. 3, Nangang Rd., Nangang Dist., Taipei City 11510, Taiwan (R.O.C.)/O=Neweb Technologies Co., Ltd./OU=MIS/OU=Provided by Global Digital Inc./OU=GlobalTrustSSLWildcard/CN=*.neweb.com.tw
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=TW/postalCode=11510/ST=Taiwan/L=Taipei/streetAddress=7F., No.52, Sec. 3, Nangang Rd., Nangang Dist., Taipei City 11510, Taiwan (R.O.C.)/O=Neweb Technologies Co., Ltd./OU=MIS/OU=Provided by Global Digital Inc./OU=GlobalTrustSSLWildcard/CN=*.neweb.com.tw
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=TW/postalCode=11510/ST=Taiwan/L=Taipei/streetAddress=7F., No.52, Sec. 3, Nangang Rd., Nangang Dist., Taipei City 11510, Taiwan (R.O.C.)/O=Neweb Technologies Co., Ltd./OU=MIS/OU=Provided by Global Digital Inc./OU=GlobalTrustSSLWildcard/CN=*.neweb.com.tw
verify error:num=21:unable to verify the first certificate
verify return:1
subject=/C=TW/postalCode=11510/ST=Taiwan/L=Taipei/streetAddress=7F., No.52, Sec. 3, Nangang Rd., Nangang Dist., Taipei City 11510, Taiwan (R.O.C.)/O=Neweb Technologies Co., Ltd./OU=MIS/OU=Provided by Global Digital Inc./OU=GlobalTrustSSLWildcard/CN=*.neweb.com.tw
issuer=/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
DES-CBC3-MD5
---
SSL handshake has read 1720 bytes and written 364 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : SSLv2
    Cipher : DES-CBC3-MD5
    Session-ID: 00005DCC0C925C974EDD756D00001C76
    Session-ID-ctx:
    Master-Key: 139E982728ACA06528E2A5C276029BA0E5E25BD6F3E85B84
    Key-Arg : C4A1588E79FC18C8
    Start Time: 1323136366
    Timeout : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)

I haven't gotten response from that site. But if it's disabled by default, how to open it? The option '-ssl2' had been removed from the program in the latest version.

The following results were fetched from 0.9.8g-4ubuntu3.13 @ Ubuntu 8.04.4 LTS:

:~$ openssl s_client -ssl3 -host aquarius.neweb.com.tw -port 443
CONNECTED(00000003)
15872:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:

:~$ openssl s_client -ssl2 -host aquarius.neweb.com.tw -port 443
CONNECTED(00000003)
depth=0 /C=TW/postalCode=11510/ST=Taiwan/L=Taipei/streetAddress=7F., No.52, Sec. 3, Nangang Rd., Nangang Dist., Taipei City 11510, Taiwan (R.O.C.)/O=Neweb Technologies Co., Ltd./OU=MIS/OU=Provided by Global Digital Inc./OU=GlobalTrustSSLWildcard/CN=*.neweb.com.tw
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=TW/postalCode=11510/ST=Taiwan/L=Taipei/streetAddress=7F., No.52, Sec. 3, Nangang Rd., Nangang Dist., Taipei City 11510, Taiwan (R.O.C.)/O=Neweb Technologies Co., Ltd./OU=MIS/OU=Provided by Global Digital Inc./OU=GlobalTrustSSLWildcard/CN=*.neweb.com.tw
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=TW/postalCode=11510/ST=Taiwan/L=Taipei/streetAddress=7F., No.52, Sec. 3, Nangang Rd., Nangang Dist., Taipei City 11510, Taiwan (R.O.C.)/O=Neweb Technologies Co., Ltd./OU=MIS/OU=Provided by Global Digital Inc./OU=GlobalTrustSSLWildcard/CN=*.neweb.com.tw
verify error:num=21:unable to verify the first certificate
verify return:1
subject=/C=TW/postalCode=11510/ST=Taiwan/L=Taipei/streetAddress=7F., No.52, Sec. 3, Nangang Rd., Nangang Dist., Taipei City 11510, Taiwan (R.O.C.)/O=Neweb Technologies Co., Ltd./OU=MIS/OU=Provided by Global Digital Inc./OU=GlobalTrustSSLWildcard/CN=*.neweb.com.tw
issuer=/C=US/ST=UT/L=Salt Lake City/O=The USERTRUST Network/OU=http://www.usertrust.com/CN=UTN-USERFirst-Hardware
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
DES-CBC3-MD5
---
SSL handshake has read 1720 bytes and written 364 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5
    Session-ID: 00005DCC0C925C974EDD756D00001C76
    Session-ID-ctx: 
    Master-Key: 139E982728ACA06528E2A5C276029BA0E5E25BD6F3E85B84
    Key-Arg   : C4A1588E79FC18C8
    Start Time: 1323136366
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)

Ubuntuopenssl package

Comment 2 for bug 899464

Ubuntu
openssl package