I have tryed, it works well. So ,what wrong with my appliction?
zyf01...@gmail.com
From: Jeffrey WaltonDate: 2014-04-30 15:27To: OpenSSL Users ListSubject: Re:
TLSv1 Record Layer: Alert (Level: Fatal, Description: Protocol Version)
On Wed, Apr 30, 2014 at 3:04 AM, zyf01...@gmail.com <zyf01...@gmail.com> wrote:
This time the client hello and server hello is done,but when client key
exchange the server reply Alert (Level: Fatal, Description: Protocol
Version).Shows bellow, what wrong with this? And I kown this alert means the
client is not using the same protocol, but why client hello ,and server hello
done?
According to RFC 5246, section 7.2.2
(http://tools.ietf.org/html/rfc5246#section-7.2.2):
protocol_version
The protocol version the client has attempted to negotiate is
recognized but not supported. (For example, old protocol versions
might be avoided for security reasons.) This message is always
fatal.
Try diagnosing further with:
openssl s_client -ssl3 -connect server:port
And
openssl s_client -tls1 -connect server:port -servername:server
The docs on s_client can be found at
https://www.openssl.org/docs/apps/s_client.html.
The server should be capable of TLS 1.0 in 2014. However, it might want TLS 1.2
too if its taking a defensive posture or providing only TLS 1.2 cipher suites.
You can test for TLS 1.2 with '-tls1_2'.
Jeff
