OpenSSL 1.0.2j won't connect to Google

S P Arif Sahari Wibowo arifsaha at yahoo.com
Tue Oct 4 14:37:08 CEST 2016


Hi!

Macports upgraded my OpenSSL to 1.0.2j and now it cannot connect 
to Google servers. Here what I got from OpenSSL 1.0.2j:

$ openssl s_client -connect xmpp.l.google.com:5222 -starttls xmpp
CONNECTED(00000003)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 387 bytes and written 122 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
---
$


On another machine that still run 1.0.2h, this is what I 
correctly got (long):

$ openssl s_client -connect xmpp.l.google.com:5222 -starttls xmpp
CONNECTED(00000003)
depth=3 C = US, O = Equifax, OU = Equifax Secure Certificate Authority
verify return:1
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = Google Inc, CN = Google Internet Authority G2
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = *.google.com
verify return:1
---
Certificate chain
   0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
     i:/C=US/O=Google Inc/CN=Google Internet Authority G2
   1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
     i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
     i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIHEjCCBfqgAwIBAgIIA9LO1aKtcGIwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTYwOTI5MTY1MjIzWhcNMTYxMjIyMTYzNzAw
WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n
b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEBodIBYBoWFcv8gd7
xK7GzZMTQoCaUjeiMyNlxPaGnR9tVZ08R+cvMeJKFmHarijVIlFk9eM4+4uNpl/9
DTgocKOCBKowggSmMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjCCA2kG
A1UdEQSCA2AwggNcggwqLmdvb2dsZS5jb22CDSouYW5kcm9pZC5jb22CFiouYXBw
ZW5naW5lLmdvb2dsZS5jb22CEiouY2xvdWQuZ29vZ2xlLmNvbYIWKi5nb29nbGUt
YW5hbHl0aWNzLmNvbYILKi5nb29nbGUuY2GCCyouZ29vZ2xlLmNsgg4qLmdvb2ds
ZS5jby5pboIOKi5nb29nbGUuY28uanCCDiouZ29vZ2xlLmNvLnVrgg8qLmdvb2ds
ZS5jb20uYXKCDyouZ29vZ2xlLmNvbS5hdYIPKi5nb29nbGUuY29tLmJygg8qLmdv
b2dsZS5jb20uY2+CDyouZ29vZ2xlLmNvbS5teIIPKi5nb29nbGUuY29tLnRygg8q
Lmdvb2dsZS5jb20udm6CCyouZ29vZ2xlLmRlggsqLmdvb2dsZS5lc4ILKi5nb29n
bGUuZnKCCyouZ29vZ2xlLmh1ggsqLmdvb2dsZS5pdIILKi5nb29nbGUubmyCCyou
Z29vZ2xlLnBsggsqLmdvb2dsZS5wdIISKi5nb29nbGVhZGFwaXMuY29tgg8qLmdv
b2dsZWFwaXMuY26CFCouZ29vZ2xlY29tbWVyY2UuY29tghEqLmdvb2dsZXZpZGVv
LmNvbYIMKi5nc3RhdGljLmNugg0qLmdzdGF0aWMuY29tggoqLmd2dDEuY29tggoq
Lmd2dDIuY29tghQqLm1ldHJpYy5nc3RhdGljLmNvbYIMKi51cmNoaW4uY29tghAq
LnVybC5nb29nbGUuY29tghYqLnlvdXR1YmUtbm9jb29raWUuY29tgg0qLnlvdXR1
YmUuY29tghYqLnlvdXR1YmVlZHVjYXRpb24uY29tggsqLnl0aW1nLmNvbYIaYW5k
cm9pZC5jbGllbnRzLmdvb2dsZS5jb22CC2FuZHJvaWQuY29tggRnLmNvggZnb28u
Z2yCFGdvb2dsZS1hbmFseXRpY3MuY29tggpnb29nbGUuY29tghJnb29nbGVjb21t
ZXJjZS5jb22CGXBvbGljeS5tdGEtc3RzLmdvb2dsZS5jb22CCnVyY2hpbi5jb22C
Cnd3dy5nb28uZ2yCCHlvdXR1LmJlggt5b3V0dWJlLmNvbYIUeW91dHViZWVkdWNh
dGlvbi5jb20wCwYDVR0PBAQDAgeAMGgGCCsGAQUFBwEBBFwwWjArBggrBgEFBQcw
AoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcyLmNydDArBggrBgEFBQcwAYYf
aHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2NzcDAdBgNVHQ4EFgQULQU51JzJ
T6ozMtKxKNpoTqAujlswDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2
aLV29YG2u2IaulqBLzAhBgNVHSAEGjAYMAwGCisGAQQB1nkCBQEwCAYGZ4EMAQIC
MDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5j
cmwwDQYJKoZIhvcNAQELBQADggEBAD1wk5YGu9/G8I8idcpLiZK43uD1rsLpzeDq
qivjrAAJiB/Qcf2s21Xl+4+l39nzgZuLFo3/MLywUypAx6aIOKnoJXrhYY1w3qC7
e+r1+NymMvugFWTnypK/VSgePdbOooq43KMoseayDfG9wUjKO4zjHFYn1ii7vqJe
sU3zCCmErXthHOM4wMJbH46iOin0ZU75JJaI1A7ofI3urm4IgK4X6INFJpOw74ny
FCJLRTzYq6soJEb486S02tK0p5rYVBGp35EpqK4G4cJIBh7am0hTlQ9XkehLcAsu
WQb8rNqn8W89T3cUQbvgFWrt2wU9LwnlsK029BpS484i+I1qGIo=
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
issuer=/C=US/O=Google Inc/CN=Google Internet Authority G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4636 bytes and written 500 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
      Protocol  : TLSv1.2
      Cipher    : ECDHE-ECDSA-AES128-GCM-SHA256
      Session-ID: 08C7C8FF0B56BBF6DC43558B2A9494998D11280AECA87F132C1D8E8792225F05
      Session-ID-ctx:
      Master-Key: 2A152663FD2C90ECE667FEAD86A6BD2A705C716348E257A9FC3C72173CDC65100C7092FB2ADF30B68471D2BA5EE28AD5
      Key-Arg   : None
      Krb5 Principal: None
      PSK identity: None
      PSK identity hint: None
      TLS session ticket lifetime hint: 100800 (seconds)
      TLS session ticket:
      0000 - cd 69 d2 9b 20 20 0a 14-b7 01 78 c3 73 56 33 7a   .i..  ....x.sV3z
      0010 - 26 e7 98 e1 94 0b a0 74-b1 f9 4e 37 2d e6 0a 4e   &......t..N7-..N
      0020 - 7e d8 34 57 c8 79 ee 98-be 8f d0 f5 88 bb 40 b0   ~.4W.y........ at .
      0030 - d1 d5 10 eb 52 a4 43 96-63 2a d7 54 02 35 4d b8   ....R.C.c*.T.5M.
      0040 - c3 84 38 7f d5 43 82 49-59 4a f7 e4 9e cf d9 b8   ..8..C.IYJ......
      0050 - 41 1b 66 d2 ad 6c 2e 31-62 17 fe bd 50 fc 65 a0   A.f..l.1b...P.e.
      0060 - d4 4a 4f 76 ae 66 dd 82-37 32 a3 73 d8 fc af 20   .JOv.f..72.s...
      0070 - 7d 28 79 0b de 34 65 5a-fd 49 6b e9 e5 dc c2 d4   }(y..4eZ.Ik.....
      0080 - 1a aa 9e 2c e2 9a 3d c9-6b 4a 47 1a a1 90 d8 75   ...,..=.kJG....u
      0090 - 38 ae 06 73 d8 96 fb c8-95 35 8d 9d 61 da 6d f7   8..s.....5..a.m.
      00a0 - 31 d6 47 aa                                       1.G.

      Start Time: 1475555949
      Timeout   : 300 (sec)
      Verify return code: 0 (ok)
---
read:errno=0
$


Any thought how to fix this?

Thank you.

-- 
     ____  ____  ____  ____ (stephan paul) Arif Sahari Wibowo
    /___  /___/ /___/ /___      http://www.arifsaha.com/
   ____/ /     /   / ____/



More information about the macports-users mailing list