SSL Server

[SeeCwriter]

I've implemented HTTPS on a Mod5441X and a NANO using the self-signed cert and key, and it all works. Now I would like to be able to make a secure connection without a webpage. And it seems like example program sslserver does what I'm looking for. It Listens for a SSL connection request, accepts the connection, reads data from the socket and prints it.

So I added that same mechanism to my Mod5441X app. I used openssl to make the connection, using the same syntax in the example app, but it appears that it didn't work. Lots of stuff was output on the terminal and I don't understand all of it.

Code: Select all

openssl s_client -tls1_2 -connect 10.250.5.129:52311

Some of the output is:

The 3-lines after "CONNECTED" repeats 3-times.

Code: Select all

CONNECTED(00000158)
depth=0 c = US, ST = California, L = Santa Clara, O = Comtech_CA, CN = 10.250.5.129
verify error:num=20:unable to get local issuer certificate
verify return:1

Then it prints out the server certificate, followed by:

Code: Select all

No client certificate CA name sent
Peer signing digest: SHA256
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 928 bytes and written 287 bytes
Verification error: unable to verify the first certificate

and then a bunch more stuff.

Was there something else I needed to do?

[dciliske]

Can you post the full output? Verification failing makes sense, as you don't have a certificate signed by a known Certificate Authority, but that shouldn't close the connection. Is it closing the connection and then dropping you back to the command prompt?

Given that you've got the HTTPS server working with the self signed certificate, I'd lean more towards this being an issue with the configuration of the openssl command.

[SeeCwriter]

Today, I get a totally different response from attempting an openssl connection. It still doesn't connect. I rebooted and get the same response, printed below. I still had Friday's output in an open command window, so I took two screenshots to capture then entire output and put them in the attached file. I also verified that I can still make a secure webpage connection.

Code: Select all

CONNECTED(00000168)
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 194 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID: 
    Session-ID-ctx: 
    Master-Key: 
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1687184249
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no
---
13904:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl\record\ssl3_record.c:332:

[SeeCwriter]

I found the error. I wasn't calling the correct accept function. It works now.