# OpenSSL handsake fails with bindist disabled

## marcv

I'm having some trouble connecting to imap.gmail.com:993 with openssl when the bindist flag is disabled. This is what I get:

```

$ openssl s_client -connect imap.gmail.com:993

CONNECTED(00000003)

write:errno=104

---

no peer certificate available

---

No client certificate CA names sent

---

SSL handshake has read 0 bytes and written 211 bytes

---

New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

---

```

However with the bindist flag enabled (so the EC and RC5 algorithms compiled out) what I get is:

```

$ openssl s_client -connect imap.gmail.com:993

CONNECTED(00000003)

depth=1 C = US, O = Google Inc, CN = Google Internet Authority

verify error:num=20:unable to get local issuer certificate

verify return:0

---

Certificate chain

 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=imap.gmail.com

   i:/C=US/O=Google Inc/CN=Google Internet Authority

 1 s:/C=US/O=Google Inc/CN=Google Internet Authority

   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority

---

[...]

* OK Gimap ready for requests

```

OpenSSL is openssl-1.0.0g, compiled with flags sse2 and zlib. I started noticing this problem around January 1st 2010 (+- 2 weeks). I can connect to other servers with OpenSSL. GnuTLS has no problem connecting to imap.gmail.com. Claws Mail (which I assume uses OpenSSL) also can't connect to imap.gmail.com.

I could not find any workaround for this issue; not even any reports, so I don't know if it's a bug, a misconfiguration on my side or lack of search skills. Could someone try to replicate this or provide some pointers?

----------

