[openssl-users] Issue with using TLS

Matt Caswell matt at openssl.org
Mon Oct 8 17:08:58 UTC 2018



On 08/10/18 16:43, Sean Glazier wrote:
> Hi,
> 
> I have an issue with using a TLS client-server setup.
> 
> On the client side I am using 32 OpenSSL library version 1.1 and the
> same set on the server side in VA Smalltalk. Both are on Windows.
> 
> On the C side I set the SSL_CTX_new(TLS_client_method()); on the server I
> restricted to TLS only as per our security policy.
> 
> I get through the handshake and the client sends data over to the
> server. However, upon reading, the server gives an OpenSSL error as follows:
> OpenSSLError
> Error Code: 336130315
> Error Object: ('wrong version number')
> Error String: 'error:1408F10B:SSL routines:ssl3_get_record:wrong version
> number'
> Error Hint: 'ssl3_get_record:wrong version number'
> AuxiliaryData: nil. 

This usually occurs if the data that is received doesn't look like TLS,
either because it is corrupted or is some other protocol. The TLS record
version number is the first thing we check, so if you've got bad data
then this is the first error you hit.

> 
> I have attempted to work around this by setting on the server side the
> following option: SSL_OP_TLS_ROLLBACK_BUG. I saw from forums that this
> will tell the server to ignore this bug. However, I still get the same bug.

Don't do that. That option is an ancient client bug workaround that
should not be necessary in modern code.


> Does anyone know the workaround for this issue? 

Send me a Wireshark trace of a failing connection and I can take a look
at it.

Matt


>  
> Kind Regards,
>  
> Sean Glazier
>  
> 
> 
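
The record-header check described in the reply above, sketched as an added example (not part of the original thread and not OpenSSL's own code). `check_record_header` and `enum rec_check` are hypothetical names, and the sample bytes are constructed; the point is that non-TLS data on the socket fails the version test before anything else is examined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Outcome of inspecting the 5-byte TLS record header:
 * type(1) | version major(1) | version minor(1) | length(2, big-endian). */
enum rec_check { REC_OK, REC_SHORT, REC_BAD_VERSION, REC_BAD_TYPE, REC_BAD_LENGTH };

/* Hypothetical helper (not an OpenSSL API): classify the first bytes
 * read from the socket before they are handed to the TLS stack. */
enum rec_check check_record_header(const uint8_t *buf, size_t len)
{
    if (len < 5)
        return REC_SHORT;
    /* Version first: major is 3 for SSL 3.0 through TLS 1.3, minor 0..4. */
    if (buf[1] != 0x03 || buf[2] > 0x04)
        return REC_BAD_VERSION;
    /* change_cipher_spec(20), alert(21), handshake(22), application_data(23). */
    if (buf[0] < 20 || buf[0] > 23)
        return REC_BAD_TYPE;
    /* A protected record carries at most 2^14 + 2048 bytes (RFC 5246). */
    if ((((size_t)buf[3] << 8) | buf[4]) > 16384 + 2048)
        return REC_BAD_LENGTH;
    return REC_OK;
}

int main(void)
{
    static const char *names[] = { "ok", "short read", "wrong version number",
                                   "bad content type", "bad length" };
    /* Constructed samples: a TLS 1.2 handshake header, then plaintext HTTP. */
    static const uint8_t tls[]  = { 0x16, 0x03, 0x03, 0x00, 0x2a };
    static const uint8_t http[] = "GET / HTTP/1.1\r\n";

    printf("tls : %s\n", names[check_record_header(tls, sizeof tls)]);
    printf("http: %s\n", names[check_record_header(http, sizeof http - 1)]);
    return 0;
}
```

Feeding it the first five bytes of each direction from a packet capture shows whether the peer is sending TLS records at all or plaintext from another protocol.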

