[openssl-users] Version negotiation failure failure?

Jordan Brown openssl at jordan.maileater.net
Tue Sep 11 00:27:36 UTC 2018


On 9/10/2018 1:42 PM, Kurt Roeckx wrote:
> I can not reproduce this in 1.0.1, 1.0.2, 1.1.0 or 1.1.1. I believe
> this was fixed in all branches. I've tried 1.0.2o too, and I still get
> the alert back. 

Interesting.  My attempts were on Solaris x86[*].  I'll have to try
other platforms.

[...later...]

With the Cygwin server (1.0.2n), I get different behavior.

The server says:

    4294956672:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
    handshake failure:s3_pkt.c:1500:SSL alert number 40

where you might recall the Solaris server said:

    1:error:14076102:SSL routines:SSL23_GET_CLIENT_HELLO:unsupported
    protocol:s23_srvr.c:605:

The client (either Solaris or Cygwin) says:

    1:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
    number:s3_pkt.c:365:

which is perfect.

Time to go figure out why our OpenSSL server is misbehaving.

    [*] As you might infer from my signature below, I work for Oracle in
    the Solaris group.  My immediate organization is primarily concerned
    with our Solaris-based storage products.  (That's not quite
    accurate, but you don't want to know about our org chart.)

-- 
Jordan Brown, Oracle Solaris

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20180911/b0ccca96/attachment-0001.html>


More information about the openssl-users mailing list