tcpdump/Wireshark it and look at the cipher negotiation. Start on the
working server to see a known good conversation. A lot of the ciphers
have been deprecated due to vulnerabilities.

chuckc

-----Original Message-----
>From: Harold Hallikainen
>Sent: Mar 10, 2015 6:35 PM
>To: Pic List
>Subject: [PIC] Need SSL Client help
>
>I'm running the code below as part of an SSL client:
>
>#if defined (STACK_USE_SSL_CLIENT)
>    if(https){
>        if(!TCPStartSSLClient(MySocket,(void *)"thishost")) break; // stay in this state if SSL Client does not start
>        SslClientState++;
>        Uart1TxStringPolled("Log post SSL started\r");
>        break;
>    case SM_START_SSL:
>        if (TCPSSLIsHandshaking(MySocket)){ // wait for end of ssl handshake
>            if(TickGetDouble()-Timer > (double)(10*TICK_SECOND)){ // Give up after 10 seconds
>                TCPDisconnect(MySocket); // Close the socket so it can be used by other modules
>                MySocket = INVALID_SOCKET;
>                SslClientState=SM_OpenConnection; // Retry 10 times
>                Uart1TxStringPolled("Log post SSL handshake failed\r");
>                retries--;
>                if(retries==0){
>                    SslClientState=SM_DONE; // quit
>                    Uart1TxStringPolled("Log post SSL handshake failed 10 tries\r");
>                }
>            }
>            break; // if still handshaking but not yet timed out, come back to this state
>        }
>    }// endif https. https has extra state. http goes right from socket obtained to send headers with no break.
>#endif // end if using ssl
>
>This works fine talking to my old Fedora 12 server, but my new CentOS
>server does not like it. The SSL handshake fails. I suspect it's the
>Apache config file. Here's what I see regarding encryption on the old
>server (which works):
>
># SSL Cipher Suite:
># List the ciphers that the client is permitted to negotiate.
># See the mod_ssl documentation for a complete list.
>SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>
>Below is what's on the new CentOS server:
>
># SSL Protocol support:
># List the enable protocol levels with which clients will be able to
># connect. Disable SSLv2 access by default:
># SSLProtocol all -SSLv2
># Changed to below 3/10/15. hh
>SSLProtocol all
>
># SSL Cipher Suite:
># List the ciphers that the client is permitted to negotiate.
># See the mod_ssl documentation for a complete list.
># SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
>SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>
>You can see the original line commented out and replaced by my new line.
>
>I'm still getting the SSL handshake failed out of the PIC. Any ideas on
>how I make the server accept this SSL?
>
>THANKS!
>
>Harold
>
>--
>FCC Rules Updated Daily at http://www.hallikainen.com - Advertising
>opportunities available!
>Not sent from an iPhone.
>--
>http://www.piclist.com/techref/piclist PIC/SX FAQ & list archive
>View/change your membership options at
>http://mailman.mit.edu/mailman/listinfo/piclist
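
Added example, not part of either post: in the capture suggested in the reply, the ClientHello is the record that shows which protocol version and cipher suites the client offers. This Python sketch parses one SSLv3/TLS ClientHello record and lists them; the sample bytes are constructed for illustration and are not a capture from the PIC, and the name table covers only a few suites.

```python
import struct

# Names for the few suites used here (IANA TLS cipher suite registry values).
SUITE_NAMES = {0x0004: "TLS_RSA_WITH_RC4_128_MD5",
               0x0005: "TLS_RSA_WITH_RC4_128_SHA",
               0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA"}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(record: bytes) -> dict:
    """Parse one SSLv3/TLS record that holds a complete ClientHello."""
    if len(record) < 5:
        raise ValueError("short record header")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:  # 22 = handshake; an SSLv2-format hello is not handled here
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4 or body[0] != 1:  # 1 = ClientHello
        raise ValueError("truncated record or not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    (client_ver,) = struct.unpack("!H", hello[:2])
    pos = 2 + 32                 # skip client_version and the 32-byte random
    pos += 1 + hello[pos]        # skip session_id (1-byte length prefix)
    if pos + 2 > len(hello):
        raise ValueError("truncated before cipher_suites")
    (cs_len,) = struct.unpack("!H", hello[pos:pos + 2])
    raw = hello[pos + 2:pos + 2 + cs_len]
    if len(raw) != cs_len or cs_len % 2:
        raise ValueError("bad cipher_suites length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]
    return {
        "record_version": VERSIONS.get(rec_ver, hex(rec_ver)),
        "client_version": VERSIONS.get(client_ver, hex(client_ver)),
        "cipher_suites": [SUITE_NAMES.get(s, "0x%04X" % s) for s in suites],
    }

# Constructed sample, NOT a capture from the PIC: an SSLv3 ClientHello with an
# empty session_id, one suite (0x0004) and null compression.
SAMPLE = bytes.fromhex("160300002d" "01000029" "0300" + "00" * 32
                       + "00" "0002" "0004" "0100")

if __name__ == "__main__":
    print(parse_client_hello(SAMPLE))
```

Run it on the first record the client sends to each server; what follows that record in the capture (a ServerHello or an alert) shows whether the server accepted any of the offered suites.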