On Fri, Aug 1, 2014 at 3:07 AM, Nayna Jain <naynj...@in.ibm.com> wrote:
> > Hi all, > > We got one of our openssl version upgraded to openssl 1.0.1e version. > But after that I am facing this error at client side. > > error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number > > But I am not sure why is it giving wrong version number as both client and > server has SSLv3 connection. Below are the details: > > Client is 0.9.8a and calls SSLv3_method() for ivSMethod() > Server is upgraded to 1.0.1e and calls SSLv3_method() for ivSMethod() > Client when tries to connect to server , I get the error > error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number > Logically I thought, it will work as both are SSLv3 and nothing changed > there, but still it fails with wrong version number .. > When I tried using openssl s_client it fails as below with similar error > message > testsystem:~ # openssl s_client -connect <ip>:<port> -msg > CONNECTED(00000003) > >>> SSL 2.0 [length 008f], CLIENT-HELLO > 01 03 01 00 66 00 00 00 20 00 00 39 00 00 38 00 > This client is advertising TLS 1.0 as max supported protocol version in SSLv2 compatible Client Hello. This also indicates that you haven't capped your client SSL context to use only SSL3. > 00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00 > 33 00 00 32 00 00 2f 03 00 80 00 00 66 00 00 05 > 00 00 04 01 00 80 08 00 80 00 00 63 00 00 62 00 > 00 61 00 00 15 00 00 12 00 00 09 06 00 40 00 00 > 65 00 00 64 00 00 60 00 00 14 00 00 11 00 00 08 > 00 00 06 04 00 80 00 00 03 02 00 80 00 00 ff 8f > 40 b0 f6 58 d0 06 2b 60 08 0e 2c bf d9 79 06 0d > 95 aa 0e 1e d4 b0 f4 aa c5 7b 2a b8 9d 02 8d > 4971:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown > protocol:s23_clnt.c:572: > What did server send? -msg -debug dump from server side would help. > > I tried with another client having openssl 1.0.1e client, still I am > facing the same error. > > Can someone help to debug this please ? There is no more further > information could be traced on why it failed. If someone have idea on > debugging tools for tracking openssl connection, do let me know. > > > Thanks & Regards, > Nayna Jain > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org >
