Program works with older libssl, but not with newer
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Mar 31 17:42:09 UTC 2020
On Tue, Mar 31, 2020 at 04:51:32PM +0200, Christoph Pleger wrote:
> > > I have here a self-written server program and the corresponding
> > > self-written client program. These run well together with libssl 1.1.0l,
> > > but with libssl 1.1.1d, the same programs give errors SSL_ERROR_SYSCALL
> > > in SSL_read(), no matter if I recompile the programs and then run them,
> > > or just replace libssl with the newer version.
> >
> > OpenSSL 1.1.1 supports TLS 1.3, which OpenSSL 1.1.0 did not.
> >
> > > So, I want to ask if there are any known incompabilities in the libssl
> > > versions that require me to change the code of the programs, or if there
> > > is
> > > any known bug in libssl1.1.1d that may cause the mentioned errors.
> >
> > Use of TLS 1.3 changes the communication patterns of the TLS protocol in
> > some non-trivial ways, and, if your application were fragile, it might
> > have gotten by with TLS 1.2, but the latent bugs could show up with TLS
> > 1.3.
>
> Now, I replaced TLS_server_method() and TLS_client_method() with
> TLSv1_2_server_method() and TLSv1_2_client_method() respectively, and the same
> error occurs.
Well, in that case, you need to provide more detail. Does the handshake
complete? If not, at what stage does it fail?
A PCAP file may be needed. And you need to explain what operation
fails with SSL_ERROR_SYSCALL, and do an "strace" or equivalent to
understand what the relevant socket read calls returned.
--
Viktor.
More information about the openssl-users
mailing list