I have been trying to set up a self-signed SSL cert on my Debian install as per this tutorial https://www.digitalocean.com/community/tutorials/how-to-create-an-ecc-certificate-on-nginx-for-debian-8 but I am getting the following error when connecting:
openssl s_client -connect vpsipaddr:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x7d3380 [0x7d3f10] (289 bytes => 289 (0x121))
0000 - 16 03 01 01 1c 01 00 01-18 03 03 62 c4 ec 46 0b ...........b..F.
0010 - 47 d3 35 9a f1 b4 54 11-fe 85 66 b8 e7 70 a2 e6 G.5...T...f..p..
0020 - 1e 4c 57 11 75 81 86 be-53 d6 0e 00 00 82 c0 30 .LW.u...S......0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b .,.(.$.........k
0040 - 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a .j.9.8.....2...*
0050 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 2f .&.......=.5.../
0060 - c0 2b c0 27 c0 23 c0 13-c0 09 00 a2 00 9e 00 67 .+.'.#.........g
0070 - 00 40 00 33 00 32 00 9a-00 99 00 45 00 44 c0 31 .@.3.2.....E.D.1
0080 - c0 2d c0 29 c0 25 c0 0e-c0 04 00 9c 00 3c 00 2f .-.).%.......<./
0090 - 00 96 00 41 c0 11 c0 07-c0 0c c0 02 00 05 00 04 ...A............
00a0 - c0 12 c0 08 00 16 00 13-c0 0d c0 03 00 0a 00 ff ................
00b0 - 01 00 00 6d 00 0b 00 04-03 00 01 02 00 0a 00 34 ...m...........4
00c0 - 00 32 00 0e 00 0d 00 19-00 0b 00 0c 00 18 00 09 .2..............
00d0 - 00 0a 00 16 00 17 00 08-00 06 00 07 00 14 00 15 ................
00e0 - 00 04 00 05 00 12 00 13-00 01 00 02 00 03 00 0f ................
00f0 - 00 10 00 11 00 23 00 00-00 0d 00 20 00 1e 06 01 .....#..... ....
0100 - 06 02 06 03 05 01 05 02-05 03 04 01 04 02 04 03 ................
0110 - 03 01 03 02 03 03 02 01-02 02 02 03 00 0f 00 01 ................
0120 - 01 .
SSL_connect:SSLv2/v3 write client hello A
read from 0x7d3380 [0x7d9470] (7 bytes => 0 (0x0))
139916497704592:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 289 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1473161145
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
I haven't been able to find an answer anywhere else, not quite sure how to debug the error though I've tried. Thank you!
Best Answer
The server is closing the connection directly after receiving the ClientHello. There are various possibilities why this happens:
-servername hostname option with the configured hostname (not IP address) to see if this helps to get a connection.
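
What the -servername option changes on the wire, shown as an added example that is not part of the original answer: it puts the server_name (SNI) extension, type 0, into the ClientHello. The ClientHello here is a constructed minimal one, not the bytes from the question, and all function names are hypothetical.

```python
import struct

SERVER_NAME = 0  # TLS extension type for SNI (RFC 6066)

def sni_extension(hostname):
    """Encode a server_name extension carrying one DNS host name."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name    # name_type 0 = host_name
    body = struct.pack("!H", len(entry)) + entry              # ServerNameList
    return struct.pack("!HH", SERVER_NAME, len(body)) + body

def build_client_hello(hostname=None):
    """Constructed TLS 1.2 ClientHello record; SNI only if hostname is given."""
    exts = struct.pack("!HHBB", 0x000b, 2, 1, 0)              # ec_point_formats: uncompressed
    if hostname:
        exts += sni_extension(hostname)
    body = (b"\x03\x03" + bytes(32)                           # client_version, random (zeros)
            + b"\x00"                                         # empty session_id
            + struct.pack("!HH", 2, 0xc02c)                   # one cipher suite
            + b"\x01\x00"                                     # null compression only
            + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body        # handshake type 1 = ClientHello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs  # record header

def client_hello_sni(record):
    """Return (extension_types, sni_hostname_or_None) for a ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32                                      # headers, version, random
    pos += 1 + record[pos]                                    # session_id
    pos += 2 + int.from_bytes(record[pos:pos + 2], "big")     # cipher_suites
    pos += 1 + record[pos]                                    # compression_methods
    end = pos + 2 + int.from_bytes(record[pos:pos + 2], "big")
    pos += 2
    types, sni = [], None
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", record[pos:pos + 4])
        data = record[pos + 4:pos + 4 + elen]
        if etype == SERVER_NAME:
            nlen = int.from_bytes(data[3:5], "big")           # after list length, name_type
            sni = data[5:5 + nlen].decode("ascii")
        types.append(etype)
        pos += 4 + elen
    return types, sni
```

A server that selects its certificate or virtual host by name sees `None` for the first form and the host name for the second.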