SSL_connect fails on systemd socket

Matt Caswell matt at openssl.org
Wed Jan 29 17:43:37 UTC 2020



On 29/01/2020 17:28, Tiwari, Hari Sahaya wrote:
> Yes, client is also on same version 1.0.2
> In this case SSL handshake(SSL_connect & SSL_accept) is done through systemd socket/service, which is failing.
> Any references around it will be very helpful.

What kind of BIO are you using for reading the data in the server?

Is it possible to get a wireshark trace of the failing handshake?

Matt


> 
> Regards,
> Hari.
> 
> -----Original Message-----
> From: openssl-users [mailto:openssl-users-bounces at openssl.org] On Behalf Of Matt Caswell
> Sent: Tuesday, January 28, 2020 8:27 PM
> To: openssl-users at openssl.org
> Subject: Re: SSL_connect fails on systemd socket
> 
> 
> 
> On 28/01/2020 14:03, Tiwari, Hari Sahaya wrote:
>> 140691172779952:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong 
>> version number:s3_pkt.c:365:
> 
> You don't say, but from the reference to s3_pkt.c above I assume you are using OpenSSL 1.0.2
> 
> This error means that the server has received a record that has the wrong protocol version number in it. It has progressed far enough along the line that it has already processed the initial ClientHello from the client and is now trying to read some later record from the client.
> Because it has already processed the initial ClientHello we have already determined which protocol version is in use, so all records should use that protocol version in their headers. In the case of this error we've received something other than that version.
> 
> This usually occurs because of some corruption of the data.
> 
> Are you also using OpenSSL 1.0.2 on the client?
> 
> Matt
> 
>>
>> Here client is able to do normal connect, post that SSL_connect fails.
>>
>>  
>>
>> This client server program works well outside of systemd.
>>
>>  
>>
>> Do I need to add some extra steps to get this working?
>>
>> Any help or reference would be appreciated.
>>
>>  
>>
>> Thanks & Regards,
>>
>>  
>>
>>  
>>
> 


More information about the openssl-users mailing list