Jeffrey Walton noloader at gmail.com
Mon Jan 19 04:18:26 UTC 2015

On Sun, Jan 18, 2015 at 3:25 PM, Matt Caswell <matt at openssl.org> wrote:
> On 18/01/15 20:13, Jeffrey Walton wrote:
>> My bad... I think this is the code (from around line 500 in s3_both.c):
>>         /* s->init_num == 4 */
>>         if ((mt >= 0) && (*p != mt))
>>             {
>>             al=SSL_AD_UNEXPECTED_MESSAGE;
>>             goto f_err;
>>             }
>> What would cause this error on a client?
> The client has an internal state machine which tells it what message it
> should expect next from the server based on its current state. Only
> certain messages are legal at any one time. The variable mt holds the
> message type of the message it is expecting to receive. The variable p
> points into the message buffer for the message that it has actually
> received. If the message sent from the server doesn't match the one the
> client was expecting then you get this error.
Thanks again Matt.

So it appears the Android client is using OpenSSL 1.0.0. It also
appears the client advertizes the curve zoo, and the server selects

I'd like to test with the server using only secp256r1.

Is there a way to disable curves through a configuration file? I'd
like to have the server only use the one curve.

More information about the openssl-users mailing list