Groups > Symbian > Symbian EPOC connect > Re: [OS6.1 (S60), OS7.0 (UiQ)] KErrSSLAlertHandshakeFailure / -7540 / TLS / SSL / Secure Socket Layer / Ciphers




Re: [OS6.1 (S60), OS7.0 (UiQ)] KErrSSLAlertHandshakeFailure
/ -7540 / TLS / SSL / Secure Socket Layer / Ciphers

Re: [OS6.1 (S60), OS7.0 (UiQ)] KErrSSLAlertHandshakeFailure / -7540 / TLS / SSL / Secure Socket Layer / Ciphers
Tue, 31 Jan 2006 11:58:04 +020 
Hi,

We've gone and created a wikibook for this kind of information for ease of
access. Feel free to contribute at
http://en.wikibooks.org/wiki/Programming:Symbian

Hope people will pick up on this.

- Vesa


"Tobias Stoeger" <not.for.reply@stoeger-it.de> wrote in message
news:6MrPURY9FHA.2976@extapps30...
> Hi guys,
> I want to share some knowlegde (and report again that bug to symbian).
>
> The problem is related to Symbian OS 6.1(S60 v1.2) and OS 7.0(UIQ v2.0).
> It seems to be fixed from 7.0s(S60 v2.0) onwards.
>
> The SSL handshake sucks if you want to connect using "SSL3.0"
> to a server if those ciphers are not supported or that one allows only
> "TLS1.0".
>
> My lastest information from symbian side have been, that the ssl
> implementation should be able to handle that, by switching
> from "SSL3.0" to "TLS1.0" and try the handshake again
(RFC 2246).
>
> (Mark S.)
> > If the SSL call fails, it's probably reasonable to retry with a TLS
call.
>
> But this does not work in above OS versions (emulator and device).
> Ok, maybe there is a retry using TLS (I can't see inside), but then
> maybe he do not use correct ciphers, don't know. Definitly something
> goes wrong in the ssl impl.
>
> In OS6.1 the RSocket-connect (handshake) silently fails.
> In OS7.0 the CSecureSocket-connect (handshake) reports "-7540"
>
> Workaround for OS6.1:
> Use RSocket::SetOpt() to activate TLS ciphers.
>
> Workaround for OS7.0:
> _LIT(KSSLProtocol,"TLS1.0");
> CSecureSocket::NewL(iSocket, KSSLProtocol());
>
> ...and set known ciphers, e.g.
> TBuf8<30> ciphers;
> ciphers.Append(0x00);
> ciphers.Append(0x04);
>
> ciphers.Append(0x00);
> ciphers.Append(0x05);
>
> ciphers.Append(0x00);
> ciphers.Append(0x13);
>
> ciphers.Append(0xff); //TLS
> ciphers.Append(0xff);
> User::LeaveIfError(iSecureSocket->SetAvailableCipherSuites(ciphers));
>
>
> You can test the above problem using that adress
"hbci11.fiducia.de"
> (Do _not_ use SE Px00 embedded webbrowser for this test, it will loop
> and produce a lot of traffic - maybe 'cause of that handshake problem!)
>
> Any comments are welcome.
> Have a nice day
> -- 
> Tobias
> www.OutBank.de
Post Reply
about | contact