[openssl-users] Version negotiation failure failure?
openssl at jordan.maileater.net
Wed Sep 5 15:19:26 UTC 2018
Any thoughts here?
On 8/31/2018 6:14 PM, Jordan Brown wrote:
> We're trying to nail down error reporting for TLS version mismatches,
> and we're seeing a couple of puzzling behaviors.
> First, and most puzzling... assume these two command lines:
> $ openssl s_server -cert 2018.08.31.a.pem -key 2018.08.31.a.key
> $ openssl s_client -connect zel.us.oracle.com:4433 -tls1
> That is, I have a server that won't accept TLSv1.0, and a client that
> will only accept TLSv1.0.
> On the server side I see
> 1:error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported
> which makes perfect sense. On the client side I see
> 4294956672:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl
> handshake failure:s3_pkt.c:659:
> which isn't as good, but is still sort of sensible. But when I look
> at the packets exchanged, I see that the client sends a Client Hello,
> and the server responds with an ACK and then a FIN-ACK, with no data.
> It just hangs up the phone. This seems to violate RFC 5246 section
> E.1: "If server supports (or is willing to use) only versions greater
> than client_version, it MUST send a "protocol_version" alert message
> and close the connection.". Where's my protocol version alert?
> Of course my real case does not involve the sample client and server -
> it involves my own clients and servers - but I seem to see the same
> behavior with several servers (notably including the Apache httpd).
> This looks like it's the same as
> https://rt.openssl.org/Ticket/Display.html?id=2777 . I'm using
> 1.0.2o. (But I don't see anything relevant-looking in the 1.0.2p
> changes.) I've seen similar behavior from 1.0.2o-fips.
> Am I missing something here, or is this a server-side bug?
> And then, on the client side...
> SSL_connect returns zero. Exactly how that failure differs from a
> less-than-zero error is not clear, but OK. The docs say to call
> SSL_get_error(). SSL_get_error() returns 5, SSL_ERROR_SYSCALL. (That
> seems a little strange, since I don't think there's any system call
> errors here.) The docs say to consult the error queue and errno.
> ERR_peek_last_error() returns zero. Errno is zero. It failed, but
> nobody will tell me why.
> Am I missing something here, or is this a client library bug?
> (I have not tracked down exactly how the s_client tool ends up with a
> message. It seems to use a more intricate mechanism than SSL_connect.)
> Jordan Brown, Oracle Solaris
Jordan Brown, Oracle Solaris
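As an added illustration (not code from the post or from OpenSSL), the following Python helper shows the two diagnostics a client could produce by itself in this situation: splitting a packed 1.0.2-style OpenSSL error code into its library/function/reason fields, and classifying the first bytes read after the ClientHello so that an empty read (the FIN with no data seen above) is reported as "closed without a protocol_version alert" rather than a bare handshake failure. Record and alert constants are taken from RFC 5246; the sample byte strings are constructed.

```python
"""Diagnose a TLS version-mismatch rejection from the client side."""
import struct

# TLS record content types and values from RFC 5246.
CT_ALERT, CT_HANDSHAKE = 21, 22
ALERT_PROTOCOL_VERSION = 70
HS_SERVER_HELLO = 2
ERR_LIB_SSL = 20  # library number used in packed OpenSSL error codes


def unpack_openssl_error(code):
    """Split a packed OpenSSL 1.0.2 error code (lib<<24 | func<<12 | reason)."""
    return {
        "lib": (code >> 24) & 0xFF,
        "func": (code >> 12) & 0xFFF,
        "reason": code & 0xFFF,
    }


def classify_server_response(data):
    """Describe the first bytes the server sent after our ClientHello.

    An empty read means the peer closed the connection without sending any
    record, i.e. the ACK/FIN-with-no-data behaviour described in the post.
    """
    if not data:
        return "closed without alert (no protocol_version alert sent)"
    if len(data) < 5:
        return "truncated record"
    ctype, _version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if ctype == CT_ALERT and len(body) >= 2:
        level, desc = body[0], body[1]
        if desc == ALERT_PROTOCOL_VERSION:
            return "protocol_version alert (RFC 5246 E.1 behaviour)"
        return f"alert level={level} description={desc}"
    if ctype == CT_HANDSHAKE and body and body[0] == HS_SERVER_HELLO:
        return "ServerHello received: version negotiated"
    return f"unexpected record type {ctype}"


# Constructed samples: a fatal protocol_version alert, an empty read,
# and the start of a ServerHello record.
SAMPLE_ALERT = b"\x15\x03\x01\x00\x02\x02\x46"
SAMPLE_EOF = b""
SAMPLE_SERVER_HELLO = b"\x16\x03\x03\x00\x04\x02\x00\x00\x00"

if __name__ == "__main__":
    for s in (SAMPLE_ALERT, SAMPLE_EOF, SAMPLE_SERVER_HELLO):
        print(classify_server_response(s))
    print(unpack_openssl_error(0x1409E0E5))
```

Feeding the two error codes quoted in the post through unpack_openssl_error shows both come from library 20 (SSL), with distinct function and reason fields, which is all the numeric code carries.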