<div>Furthermore, I run "openssl s_client -connect IP:port" for the bridge may get a CONNECTED(00000003) and permenant hang, but I do it for <a href="http://bridges.torproject.org:443">bridges.torproject.org:443</a>, after CONNECTED(00000003), I can get information like below immediately:</div>
<div>=================================================================</div>
<div>depth=0 /serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.<a href="http://torproject.org/OU=GT86487530/OU=See">torproject.org/OU=GT86487530/OU=See</a> <a href="http://www.rapidssl.com/resources/cps">www.rapidssl.com/resources/cps</a> (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.<a href="http://torproject.org">torproject.org</a><br>
verify error:num=20:unable to get local issuer certificate<br>verify return:1<br>depth=0 /serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.<a href="http://torproject.org/OU=GT86487530/OU=See">torproject.org/OU=GT86487530/OU=See</a> <a href="http://www.rapidssl.com/resources/cps">www.rapidssl.com/resources/cps</a> (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.<a href="http://torproject.org">torproject.org</a><br>
verify error:num=27:certificate not trusted<br>verify return:1<br>depth=0 /serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.<a href="http://torproject.org/OU=GT86487530/OU=See">torproject.org/OU=GT86487530/OU=See</a> <a href="http://www.rapidssl.com/resources/cps">www.rapidssl.com/resources/cps</a> (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.<a href="http://torproject.org">torproject.org</a><br>
verify error:num=21:unable to verify the first certificate<br>verify return:1<br>---<br>Certificate chain<br> 0 s:/serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.<a href="http://torproject.org/OU=GT86487530/OU=See">torproject.org/OU=GT86487530/OU=See</a> <a href="http://www.rapidssl.com/resources/cps">www.rapidssl.com/resources/cps</a> (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.<a href="http://torproject.org">torproject.org</a><br>
i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority<br>---<br>Server certificate<br>-----BEGIN CERTIFICATE-----<br>MIIDXTCCAsagAwIBAgIDD4pqMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT<br>MRAwDgYDVQQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0<br>
aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTAwMjI1MDEzNzI5WhcNMTEwMjI3MDYyMDMw<br>WjCB5zEpMCcGA1UEBRMgYVVWdDJqcFlyVVNmdXFtN2xXT0Y4MXhHOUNGaDlyMS0x<br>CzAJBgNVBAYTAlVTMRkwFwYDVQQKFBAqLnRvcnByb2plY3Qub3JnMRMwEQYDVQQL<br>EwpHVDg2NDg3NTMwMTEwLwYDVQQLEyhTZWUgd3d3LnJhcGlkc3NsLmNvbS9yZXNv<br>
dXJjZXMvY3BzIChjKTEwMS8wLQYDVQQLEyZEb21haW4gQ29udHJvbCBWYWxpZGF0<br>ZWQgLSBSYXBpZFNTTChSKTEZMBcGA1UEAxQQKi50b3Jwcm9qZWN0Lm9yZzCBnzAN<br>BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAu/zFwQPQQ5znAF25kxcf1OGHUhdJExQB<br>svfi2kov0L/tqCw53++zJ5iQjIfTx+hbixEJIv+u6XDu9WKl1FtyZkV/CcrRp0oC<br>
p07SDK1uRd09Chvws7MGJi4I+rcIzhu3tNDLXQHMcLjz5v+2cdnA/jKKWbeUatMd<br>uYSaTrM+09kCAwEAAaOBrjCBqzAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0OBBYEFJCL<br>ANJ+x/1iMVb4KTCYWWZiZJtuMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwu<br>Z2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsMB8GA1UdIwQYMBaAFEjmaPkr<br>
0rKV10fYIyAQTzOYkJ/UMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAN<br>BgkqhkiG9w0BAQUFAAOBgQBk5qPU6HAByBgD5XMDtA2w/NLXEVm9o/xCtPBpfl7u<br>8LvnL/WqBPvHhH77V8dU7l73wbdqbe3eNHrm5xu7WxKVrBeq4qz5uoi2/vHEJ9/+<br>vGPpVMHzHMnUFpJWxoARy5dNp2QHSngOs8fCXvtNwb1d7iLn18oWPuk1bn6uMI9x<br>
7w==<br>-----END CERTIFICATE-----<br>subject=/serialNumber=aUVt2jpYrUSfuqm7lWOF81xG9CFh9r1-/C=US/O=*.<a href="http://torproject.org/OU=GT86487530/OU=See">torproject.org/OU=GT86487530/OU=See</a> <a href="http://www.rapidssl.com/resources/cps">www.rapidssl.com/resources/cps</a> (c)10/OU=Domain Control Validated - RapidSSL(R)/CN=*.<a href="http://torproject.org">torproject.org</a><br>
issuer=/C=US/O=Equifax/OU=Equifax Secure Certificate Authority<br>---<br>No client certificate CA names sent<br>---<br>SSL handshake has read 1429 bytes and written 316 bytes<br>---<br>New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA<br>
Server public key is 1024 bit<br>Compression: NONE<br>Expansion: NONE<br>SSL-Session:<br> Protocol : TLSv1<br> Cipher : DHE-RSA-AES256-SHA<br> Session-ID: 6C10366E7BB529BF9F4EAE5E851A1918E1634F79E36536812B4D5D12E14F2BB1<br>
Session-ID-ctx:<br> Master-Key: 30F830369A5662636957D5E1AB733AE590F019A9A0245BC6DDB60D32521C022FFABD7C6BA30DE6B9C16D780398433492<br> Key-Arg : None<br> Start Time: 1267331357<br> Timeout : 300 (sec)<br>
Verify return code: 21 (unable to verify the first certificate)<br>---<br>===============================================================</div>
<div> </div>
<div>Best Regards</div>
<div>Brent<br><br></div>
<div class="gmail_quote">2010/2/28 Peng Zhou <span dir="ltr"><<a href="mailto:zpbrent@gmail.com">zpbrent@gmail.com</a>></span><br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div>The result of "openssl s_client -connect IP:port" is CONNECTED(00000003)</div>
<div> </div>
<div>And I can use Gmail via https successfully, I also can access <a href="https://bridges.torproject.org/" target="_blank">https://bridges.torproject.org/</a> successfully too :-)<br><br></div>
<div class="gmail_quote">2010/2/28 Andrew Lewman <span dir="ltr"><<a href="mailto:andrew@torproject.org" target="_blank">andrew@torproject.org</a>></span>
<div>
<div></div>
<div class="h5"><br>
<blockquote style="BORDER-LEFT: #ccc 1px solid; MARGIN: 0px 0px 0px 0.8ex; PADDING-LEFT: 1ex" class="gmail_quote">
<div>On 02/27/2010 09:41 AM, Peng Zhou wrote:<br>> Previously, I use the network from HongKong Polytechnical University<br>> (I don't know who is the ISP for HK PolyU), when I try to connect with Tor.<br>> via bridge <a href="http://74.207.232.33:443/" target="_blank">74.207.232.33:443</a>, I have found its TCP handshaking works fine,<br>
> but SSL handshaking is blocked (A packet for SSL client Hello is sent to<br>> 74.207.232.33, but the bridge never gives me reponse):<br><br></div>This could also mean the bridge is offline. If you can "openssl<br>
s_client -connect IP:port", does this work?<br><br>Is ssl to say, gmail, or taobao also messed up?<br><font color="#888888"><br>--<br></font>
<div>
<div></div>
<div>Andrew Lewman<br>The Tor Project<br>pgp 0x31B0974B<br><br>Website: <a href="https://torproject.org/" target="_blank">https://torproject.org/</a><br>Blog: <a href="https://blog.torproject.org/" target="_blank">https://blog.torproject.org/</a><br>
Identi.ca: torproject<br>***********************************************************************<br>To unsubscribe, send an e-mail to <a href="mailto:majordomo@torproject.org" target="_blank">majordomo@torproject.org</a> with<br>
unsubscribe or-talk in the body. <a href="http://archives.seul.org/or/talk/" target="_blank">http://archives.seul.org/or/talk/</a><br></div></div></blockquote></div></div></div><br></blockquote></div><br>