<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;background-color:#FFFFFF;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>Hi,</p>
<p><br>
</p>
<p>We have client and server software both using openssl. I am using the following on the server side,</p>
<p><br>
</p>
<p><span>c = SSL_CTX_new</span> (<span>TLSv1_2_server_method</span> ());</p>
<p><span>SSL_CTX_set_options(INTERNAL(bi)->context, SSL_OP_ALL|SSL_OP_NO_SSLv2|SSL_OP_NO_TICKET);</span></p>
<p><br>
</p>
<p>From the client side I am using this:</p>
<p><br>
</p>
<p><span>c = SSL_CTX_new (TLSv1_2_client_method ());</span></p>
<p><br>
</p>
<p>I have tried <span>SSLv23_client_method</span> and <span>TLSv1_1_client_method</span> and also
<span>TLSv1_2_client_method</span> (as above) . Further I have tried setting options
<span>SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1</span>.</p>
<p><br>
</p>
<p>But no matter what I try client always seems to want to communicate in TLS 1.0, which I verified from wireshark output.</p>
<p><br>
</p>
<p>Openssl version is <span>OpenSSL 1.0.2f-fips 28 Jan 2016. <br>
</span></p>
<p><span><br>
</span></p>
<p><span>The error reported by SSL_accept on the server side is as follows:</span></p>
<p><span><br>
</span></p>
<p><span><span>s3_srvr.c:960 error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number</span></span><br>
</p>
<p><br>
</p>
<p><br>
Can somebody please help me understand what I am doing wrong?</p>
<p><br>
</p>
<p>The following is wireshark output for client hello message (where TLS 1.0 can be seen):
<br>
</p>
<p><br>
</p>
<p></p>
<div> TLSv1 Record Layer: Handshake Protocol: Client Hello<br>
Content Type: Handshake (22)<br>
Version: TLS 1.0 (0x0301)<br>
Length: 228<br>
Handshake Protocol: Client Hello<br>
Handshake Type: Client Hello (1)<br>
Length: 224<br>
Version: TLS 1.0 (0x0301)<br>
Random<br>
GMT Unix Time: May 8, 2085 18:48:29.000000000 India Standard Time<br>
Random Bytes: 1320449c55b3169ee836d18c6f6493b76f9766c9fd9cd62a...<br>
Session ID Length: 32<br>
Session ID: 94734c3d52dc3215bb47ccd71709c9e75312efe8c9bfd088...<br>
Cipher Suites Length: 106<br>
Cipher Suites (53 suites)<br>
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)<br>
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)<br>
Cipher Suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)<br>
Cipher Suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)<br>
Cipher Suite: TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037)<br>
Cipher Suite: TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036)<br>
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088)<br>
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087)<br>
Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0086)<br>
Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0085)<br>
Cipher Suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA (0xc019)<br>
Cipher Suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f)<br>
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005)<br>
Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)<br>
Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)<br>
Cipher Suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)<br>
Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)<br>
Cipher Suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)<br>
Cipher Suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032)<br>
Cipher Suite: TLS_DH_RSA_WITH_AES_128_CBC_SHA (0x0031)<br>
Cipher Suite: TLS_DH_DSS_WITH_AES_128_CBC_SHA (0x0030)<br>
Cipher Suite: TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x009a)<br>
Cipher Suite: TLS_DHE_DSS_WITH_SEED_CBC_SHA (0x0099)<br>
Cipher Suite: TLS_DH_RSA_WITH_SEED_CBC_SHA (0x0098)<br>
Cipher Suite: TLS_DH_DSS_WITH_SEED_CBC_SHA (0x0097)<br>
Cipher Suite: TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045)<br>
Cipher Suite: TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044)<br>
Cipher Suite: TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0043)<br>
Cipher Suite: TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0042)<br>
Cipher Suite: TLS_ECDH_anon_WITH_AES_128_CBC_SHA (0xc018)<br>
Cipher Suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e)<br>
Cipher Suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004)<br>
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)<br>
Cipher Suite: TLS_RSA_WITH_SEED_CBC_SHA (0x0096)<br>
Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)<br>
Cipher Suite: TLS_RSA_WITH_IDEA_CBC_SHA (0x0007)<br>
Cipher Suite: TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011)<br>
Cipher Suite: TLS_ECDHE_ECDSA_WITH_RC4_128_SHA (0xc007)<br>
Cipher Suite: TLS_ECDH_anon_WITH_RC4_128_SHA (0xc016)<br>
Cipher Suite: TLS_ECDH_RSA_WITH_RC4_128_SHA (0xc00c)<br>
Cipher Suite: TLS_ECDH_ECDSA_WITH_RC4_128_SHA (0xc002)<br>
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)<br>
Cipher Suite: TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)<br>
Cipher Suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)<br>
Cipher Suite: TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x0016)<br>
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)<br>
Cipher Suite: TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA (0x0010)<br>
Cipher Suite: TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA (0x000d)<br>
Cipher Suite: TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA (0xc017)<br>
Cipher Suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA (0xc00d)<br>
Cipher Suite: TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc003)<br>
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)<br>
Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff)<br>
Compression Methods Length: 1<br>
Compression Methods (1 method)<br>
Compression Method: null (0)</div>
<br>
<p></p>
<p><br>
</p>
<p><br>
</p>
<p>Thanks,</p>
<p>Prabhat.<br>
</p>
<p><br>
</p>
<p><br>
</p>
</div>
</body>
</html>