OpenSSL 1.0.2j won't connect to Google
S P Arif Sahari Wibowo
arifsaha at yahoo.com
Tue Oct 4 14:37:08 CEST 2016
Hi!
Macports upgraded my OpenSSL to 1.0.2j and now it cannot connect
to Google servers. Here what I got from OpenSSL 1.0.2j:
$ openssl s_client -connect xmpp.l.google.com:5222 -starttls xmpp
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 387 bytes and written 122 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
$
On another machine that still run 1.0.2h, this is what I
correctly got (long):
$ openssl s_client -connect xmpp.l.google.com:5222 -starttls xmpp
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = *.google.com
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
i:/C=US/O=Google Inc/CN=Google Internet Authority G2
1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHEjCCBfqgAwIBAgIIA9LO1aKtcGIwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTYwOTI5MTY1MjIzWhcNMTYxMjIyMTYzNzAw
WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n
b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBodIBYBoWFcv8gd7
xK7GzZMTQoCaUjeiMyNlxPaGnR9tVZ08R+cvMeJKFmHarijVIlFk9eM4+4uNpl/9
DTgocKOCBKowggSmMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCA2kG
A1UdEQSCA2AwggNcggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22CFiouYXBw
ZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIWKi5nb29nbGUt
YW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2ds
ZS5jby5pboIOKi5nb29nbGUuY28uanCCDiouZ29vZ2xlLmNvLnVrgg8qLmdvb2ds
ZS5jb20uYXKCDyouZ29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJygg8qLmdv
b2dsZS5jb20uY2+CDyouZ29vZ2xlLmNvbS5teIIPKi5nb29nbGUuY29tLnRygg8q
Lmdvb2dsZS5jb20udm6CCyouZ29vZ2xlLmRlggsqLmdvb2dsZS5lc4ILKi5nb29n
bGUuZnKCCyouZ29vZ2xlLmh1ggsqLmdvb2dsZS5pdIILKi5nb29nbGUubmyCCyou
Z29vZ2xlLnBsggsqLmdvb2dsZS5wdIISKi5nb29nbGVhZGFwaXMuY29tgg8qLmdv
b2dsZWFwaXMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVv
LmNvbYIMKi5nc3RhdGljLmNugg0qLmdzdGF0aWMuY29tggoqLmd2dDEuY29tggoq
Lmd2dDIuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIMKi51cmNoaW4uY29tghAq
LnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tgg0qLnlvdXR1
YmUuY29tghYqLnlvdXR1YmVlZHVjYXRpb24uY29tggsqLnl0aW1nLmNvbYIaYW5k
cm9pZC5jbGllbnRzLmdvb2dsZS5jb22CC2FuZHJvaWQuY29tggRnLmNvggZnb28u
Z2yCFGdvb2dsZS1hbmFseXRpY3MuY29tggpnb29nbGUuY29tghJnb29nbGVjb21t
ZXJjZS5jb22CGXBvbGljeS5tdGEtc3RzLmdvb2dsZS5jb22CCnVyY2hpbi5jb22C
Cnd3dy5nb28uZ2yCCHlvdXR1LmJlggt5b3V0dWJlLmNvbYIUeW91dHViZWVkdWNh
dGlvbi5jb20wCwYDVR0PBAQDAgeAMGgGCCsGAQUFBwEBBFwwWjArBggrBgEFBQcw
AoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDArBggrBgEFBQcwAYYf
aHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4EFgQULQU51JzJ
T6ozMtKxKNpoTqAujlswDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2
aLV29YG2u2IaulqBLzAhBgNVHSAEGjAYMAwGCisGAQQB1nkCBQEwCAYGZ4EMAQIC
MDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5j
cmwwDQYJKoZIhvcNAQELBQADggEBAD1wk5YGu9/G8I8idcpLiZK43uD1rsLpzeDq
qivjrAAJiB/Qcf2s21Xl+4+l39nzgZuLFo3/MLywUypAx6aIOKnoJXrhYY1w3qC7
e+r1+NymMvugFWTnypK/VSgePdbOooq43KMoseayDfG9wUjKO4zjHFYn1ii7vqJe
sU3zCCmErXthHOM4wMJbH46iOin0ZU75JJaI1A7ofI3urm4IgK4X6INFJpOw74ny
FCJLRTzYq6soJEb486S02tK0p5rYVBGp35EpqK4G4cJIBh7am0hTlQ9XkehLcAsu
WQb8rNqn8W89T3cUQbvgFWrt2wU9LwnlsK029BpS484i+I1qGIo=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4636 bytes and written 500 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Session-ID: 08C7C8FF0B56BBF6DC43558B2A9494998D11280AECA87F132C1D8E8792225F05
Session-ID-ctx:
Master-Key: 2A152663FD2C90ECE667FEAD86A6BD2A705C716348E257A9FC3C72173CDC65100C7092FB2ADF30B68471D2BA5EE28AD5
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 100800 (seconds)
TLS session ticket:
0000 - cd 69 d2 9b 20 20 0a 14-b7 01 78 c3 73 56 33 7a .i.. ....x.sV3z
0010 - 26 e7 98 e1 94 0b a0 74-b1 f9 4e 37 2d e6 0a 4e &......t..N7-..N
0020 - 7e d8 34 57 c8 79 ee 98-be 8f d0 f5 88 bb 40 b0 ~.4W.y........ at .
0030 - d1 d5 10 eb 52 a4 43 96-63 2a d7 54 02 35 4d b8 ....R.C.c*.T.5M.
0040 - c3 84 38 7f d5 43 82 49-59 4a f7 e4 9e cf d9 b8 ..8..C.IYJ......
0050 - 41 1b 66 d2 ad 6c 2e 31-62 17 fe bd 50 fc 65 a0 A.f..l.1b...P.e.
0060 - d4 4a 4f 76 ae 66 dd 82-37 32 a3 73 d8 fc af 20 .JOv.f..72.s...
0070 - 7d 28 79 0b de 34 65 5a-fd 49 6b e9 e5 dc c2 d4 }(y..4eZ.Ik.....
0080 - 1a aa 9e 2c e2 9a 3d c9-6b 4a 47 1a a1 90 d8 75 ...,..=.kJG....u
0090 - 38 ae 06 73 d8 96 fb c8-95 35 8d 9d 61 da 6d f7 8..s.....5..a.m.
00a0 - 31 d6 47 aa 1.G.
Start Time: 1475555949
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
read:errno=0
$
Any thought how to fix this?
Thank you.
--
____ ____ ____ ____ (stephan paul) Arif Sahari Wibowo
/___ /___/ /___/ /___ http://www.arifsaha.com/
____/ / / / ____/
More information about the macports-users
mailing list