[openssl-users] Multiple reconnection in OpenSSL 1.1.0

Matt Caswell matt at openssl.org
Tue Jan 16 13:57:28 UTC 2018



On 16/01/18 13:35, Huy Cong Vu wrote:
> Thanks for the advice, I got these as error:
> 1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl/record/ssl3_record.c:210
> 1408F119:SSL routines:ssl3_get_record:decryption failed or bad record mac:ssl/record/ssl3_record.c:375 
> 
> Does it mean my configuration is not correct, or not synchronized between client and server?

It means the data OpenSSL is trying to read looks incorrectly formatted.
This should never normally happen with two correctly working endpoints.
The first error will normally immediately result in an alert being sent
and the function call failing - meaning that you'd never get to hit the
second error. I can't see a way of getting both those errors in a single
function call - which might suggest some earlier function call has
failed and the error message is still on the error queue when you call
SSL_read().

A couple of things to try:

- Try calling ERR_print_errors_fp() *before* the call to SSL_read() as
well, to verify there are no errors already in the queue
- A Wireshark trace of the communication between the two endpoints might
be helpful to figure out what is going wrong

Matt


