<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">On 09 Nov 2017, at 4:17 AM, Michael Wojcik <<a href="mailto:Michael.Wojcik@microfocus.com" class="">Michael.Wojcik@microfocus.com</a>> wrote:<br class=""><div><br class=""><blockquote type="cite" class=""><div class=""><div class=""><blockquote type="cite" class="">New, (NONE), Cipher is (NONE)<br class="">SSL-Session:<br class=""> Protocol : TLSv1.2<br class=""> Cipher : 0000<br class=""></blockquote><br class="">Yeah. TLSv1.2, no cipher. My guess is the server is allowing the 1.2 protocol level but not supporting any of the 1.2 suites.<br class=""></div></div></blockquote><div><br class=""></div><div>Does this definitely mean no cipher, or could it mean “I failed earlier in the process before I took note of the cipher, like with the no peer certificate available"?</div><div><br class=""></div><blockquote type="cite" class=""><div class=""><div class=""><blockquote type="cite" class="">42 2 0.0056 (0.0017) S>CV3.3(62) Handshake<br class=""> ServerHello<br class=""> Version 3.3<br class=""> random[32]=<br class=""> f9 4d fa 63 ee d5 65 6d ba dd 58 de 51 00 8e ac<br class=""> 9f 45 24 43 e2 17 88 07 41 9a 8d aa 7f 95 2a 13<br class=""> session_id[0]=<br class=""><br class=""> cipherSuite Unknown value 0xc030<br class=""></blockquote><br class="">Hmm. This claims they agreed on TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. Maybe no ECC curves in common for ECDHE Kx?<br class=""></div></div></blockquote><div><br class=""></div><div>This is openssl v1.0.1f (ubuntu xenial) talking to openssl v1.0.1f (ubuntu xenial), although trying openssl as shipped by MacOS Sierra on the client side gives the same result.</div><div><br class=""></div><div>I set the ciphers explicitly on the server side to DEFAULT and got the same result (eliminating whatever weird settings postgresql-on-ubuntu might have as a default).</div><div><br class=""></div><div>Next step was to bring openssl up onto a debugger and see what openssl was doing internally. I created a debug build of v1.0.2m, and I now have different behaviour:</div><div><br class=""></div><div>When openssl v1.0.2m tries to connect to postgresql running openssl v1.0.1f (ubuntu xenial), I get different behaviour:</div><div><br class=""></div><div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">New TCP connection #2: localhost(61009) <-> localhost(15432)</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">2 1 0.0002 (0.0002) C>S Handshake</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> ClientHello</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Version 3.3 </span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> cipher suites</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc030</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc02c</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc028</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc024</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc014</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc00a</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xa5</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xa3</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xa1</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x9f</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x6b</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x6a</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x69</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x68</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DHE_RSA_WITH_AES_256_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DHE_DSS_WITH_AES_256_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DH_RSA_WITH_AES_256_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DH_DSS_WITH_AES_256_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x88</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x87</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x86</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x85</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc032</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc02e</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc02a</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc026</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc00f</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc005</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x9d</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x3d</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_RSA_WITH_AES_256_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x84</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc02f</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc02b</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc027</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc023</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc013</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc009</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xa4</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xa2</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xa0</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x9e</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DHE_DSS_WITH_NULL_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x40</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x3f</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x3e</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DHE_RSA_WITH_AES_128_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DHE_DSS_WITH_AES_128_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DH_RSA_WITH_AES_128_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DH_DSS_WITH_AES_128_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x9a</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x99</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x98</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x97</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x45</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x44</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x43</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x42</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc031</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc02d</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc029</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc025</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc00e</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc004</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x9c</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x3c</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_RSA_WITH_AES_128_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x96</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0x41</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_RSA_WITH_IDEA_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc011</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc007</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc00c</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc002</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_RSA_WITH_RC4_128_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_RSA_WITH_RC4_128_MD5</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc012</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc008</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc00d</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xc003</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> TLS_RSA_WITH_3DES_EDE_CBC_SHA</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> Unknown value 0xff</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> compression methods</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> unknown value</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class=""> NULL</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">2 0.0151 (0.0148) S>C TCP FIN</span></div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">2 0.0161 (0.0009) C>S TCP FIN</span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div></div><div>The server side logs the following and slams the phone down:</div><div><br class=""></div><div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">2017-11-09 11:01:19 UTC [12025-1] [unknown]@[unknown] LOG: invalid length of startup packet</span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div></div><div>The client side logs the following hint:</div><div><br class=""></div><div><div style="margin: 0px; font-size: 10px; line-height: normal; font-family: Monaco; background-color: rgb(255, 255, 255);" class=""><span style="font-variant-ligatures: no-common-ligatures" class="">SSL handshake has read 0 bytes and written 382 bytes</span></div><div class=""><span style="font-variant-ligatures: no-common-ligatures" class=""><br class=""></span></div></div><div>Why would 382 bytes be an invalid length for an SSL startup packet?</div><div><br class=""></div><div>I did see old bug reports from around 2012 where Ubuntu shipped an openssl that broke on many sites, and there were references that buggy SSL implementations were limited to 255 bytes only. Was openssl ever such a buggy implementation?</div><div><br class=""></div><div>Regards,</div><div>Graham</div><div>—</div><div><br class=""></div></div></body></html>