[openssl-users] Multiple reconnection in OpenSSL 1.1.0
Huy Cong Vu
huy-cong.vu at wandercraft.eu
Tue Jan 16 13:35:09 UTC 2018
On 16/01/18 10:31, Huy Cong Vu wrote:
> OpenSSL_add_all_algorithms();
> SSL_load_error_strings();
You do not need to make the above two calls in 1.1.0. They are called
automatically.
> //Setup curves parameters
> EC_KEY *ecdh = EC_KEY_new_by_curve_name (NID_X9_62_prime256v1);
> SSL_CTX_set_tmp_ecdh (ctx_in, ecdh);
> EC_KEY_free(ecdh);
You do not need to do this in 1.1.0. Curve parameters are set up
automatically.
>
> //Set options
> SSL_CTX_set_options(ctx_in, SSL_OP_SINGLE_ECDH_USE && SSL_MODE_AUTO_RETRY);
You are using logical && here instead of boolean |. This will mean that
these options are not correctly set. In any case SSL_OP_SINGLE_ECDH_USE
is not needed and is unused in 1.1.0 (it has the value 0). This is the
default (and only) mode of operation anyway for 1.1.0.
> //wait on buffer
> int bytes = SSL_read(ssl, buf, sizeof(buf));
> //here bytes return -1, and there is no error with SSL_get_errors
Try calling ERR_print_errors_fp() here to see if you get any clues.
Thanks for the advice, I got these as error:
1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:210
1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:375
Does it mean my configuration is not correct, or not synchronized between client and server?
Matt
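
An added example, not code from this thread or from OpenSSL: a small decoder for error-queue lines like the two quoted above, splitting the packed hex code into its library, function and reason numbers so entries can be grouped or alerted on in server logs. The `err_line` struct and `parse_err_line` function are hypothetical names, and the bit layout is the 8/12/12 packing used by OpenSSL 1.0.x and 1.1.x.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Packed error code layout in OpenSSL 1.0.x/1.1.x (ERR_PACK):
 * 8 bits library, 12 bits function, 12 bits reason. OpenSSL 3.x differs. */
#define LIB_OF(e)    ((int)(((e) >> 24) & 0xffUL))
#define FUNC_OF(e)   ((int)(((e) >> 12) & 0xfffUL))
#define REASON_OF(e) ((int)((e) & 0xfffUL))

struct err_line {                 /* hypothetical type for this example */
    unsigned long code;
    int lib, func, reason, line;
    char lib_name[32], func_name[48], reason_text[80], file[96];
};

/* Parse "[tid:error:]CODE:lib:func:reason:file:line"; 0 on success, -1 if malformed. */
int parse_err_line(const char *s, struct err_line *out)
{
    const char *p = strstr(s, "error:");
    char *end;
    if (p) s = p + 6;             /* skip the "<tid>:error:" prefix when present */
    memset(out, 0, sizeof(*out));
    out->code = strtoul(s, &end, 16);
    if (end == s || *end != ':') return -1;
    if (sscanf(end, ":%31[^:]:%47[^:]:%79[^:]:%95[^:]:%d",
               out->lib_name, out->func_name, out->reason_text,
               out->file, &out->line) != 5) return -1;
    out->lib = LIB_OF(out->code);
    out->func = FUNC_OF(out->code);
    out->reason = REASON_OF(out->code);
    return 0;
}

int main(void)
{
    /* The two queue entries quoted in the message above. */
    const char *lines[] = {
        "1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:210",
        "1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:375",
    };
    for (size_t i = 0; i < sizeof(lines) / sizeof(lines[0]); i++) {
        struct err_line e;
        if (parse_err_line(lines[i], &e) != 0) continue;
        printf("lib=%d func=%d reason=%d (%s) at %s:%d\n",
               e.lib, e.func, e.reason, e.reason_text, e.file, e.line);
    }
    return 0;
}
```

Both entries decode to library 20 (SSL) and function 143; the reason numbers 267 and 281 are the values of `SSL_R_WRONG_VERSION_NUMBER` and `SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC` in the 1.1.0 headers.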