On Wed, Apr 30, 2014 at 3:04 AM, zyf01...@gmail.com <zyf01...@gmail.com>wrote:
> This time the client hello and server hello is done,but when client key > exchange the server reply Alert (Level: Fatal, Description: Protocol > Version).Shows bellow, what wrong with this? And I kown this alert means > the client is not using the same protocol, but why client hello ,and server > hello done? > According to RFC 5246, section 7.2.2 ( http://tools.ietf.org/html/rfc5246#section-7.2.2): protocol_version The protocol version the client has attempted to negotiate is recognized but not supported. (For example, old protocol versions might be avoided for security reasons.) This message is always fatal. Try diagnosing further with: openssl s_client -ssl3 -connect server:port And openssl s_client -tls1 -connect server:port -servername:server The docs on s_client can be found at https://www.openssl.org/docs/apps/s_client.html. The server should be capable of TLS 1.0 in 2014. However, it might want TLS 1.2 too if its taking a defensive posture or providing only TLS 1.2 cipher suites. You can test for TLS 1.2 with * '-tls1_2'.*Jeff
