Help with TLS call on openssl3
Matt Caswell
matt at openssl.org
Mon Jan 24 13:33:02 UTC 2022
On 24/01/2022 12:58, Srinivas, Saketh (c) wrote:
> Hi,
>
> I am using Openssl3. While running a TLS call, the call connected successfully,
> but at the end of the call I got the error message:
>
> SSL3 alert write:fatal:decode error
> SSL error (a000126): unexpected eof while reading

This is a new error message introduced into OpenSSL 3.0. It means that
the peer disconnected without first sending a shutdown message.

In OpenSSL 1.x this would be reported by SSL_get_error() as
SSL_ERROR_SYSCALL but with errno set to 0. The 1.x behaviour was
considered a bug - however fixing it in the 1.x tree caused some
applications that relied on the old behaviour to break - so the fix was
reverted there. The fixed behaviour was kept in the 3.0 tree. This error
is now reported by SSL_get_error() as SSL_ERROR_SSL.

Applications may choose to use the new option SSL_OP_IGNORE_UNEXPECTED_EOF:

https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_options.html

This will cause an unexpected EOF to be treated as if a shutdown has
been received. Note: this should be used with caution since it could
lead to a truncation attack.

Matt

> ERROR on SSL_read err=1 flag=0
> Initiating SSL shutdown
>
> I think there is some issue while disconnecting the session. When I tried with
> openssl1 it did not throw the error. I am testing with sipp.
>
> In Wireshark I can see sipp sending TCP-FIN-ACK and openssl3 responded
> with TCP-PSH-ACK.
> Whereas in the openssl1 case it responded with a TCP message "encrypted
> alert".
>
> I think there is some issue with closing the TLS connection in openssl3.
>
> Can someone help me understand why?
>
> thanks,
> Saketh.
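
Added example (not part of the thread and not OpenSSL project code): a C sketch of how an application can recognise the missing-shutdown case under both the 1.x and the 3.0 reporting described in the reply, and treat it as truncation unless its own message framing shows the data was complete. `classify_close`, `close_kind` and the `msg_complete` input are hypothetical names; the numeric constants are copied from OpenSSL's headers so the block builds without them, and the sample inputs are constructed.

```c
#include <stdio.h>

/* Constants mirrored from OpenSSL's public headers so this builds alone;
 * real code includes <openssl/ssl.h> and <openssl/err.h> instead. */
enum { SSL_ERROR_SSL = 1, SSL_ERROR_SYSCALL = 5, SSL_ERROR_ZERO_RETURN = 6 };
enum { ERR_LIB_SSL = 20, SSL_R_UNEXPECTED_EOF_WHILE_READING = 294 };

/* OpenSSL 3.0 error-code layout; real code uses ERR_GET_LIB/ERR_GET_REASON. */
static int err_lib(unsigned long e)    { return (int)((e >> 23) & 0xFF); }
static int err_reason(unsigned long e) { return (int)(e & 0x7FFFFF); }

typedef enum { CLOSE_CLEAN, CLOSE_TRUNCATED, CLOSE_EOF_TOLERATED, CLOSE_OTHER } close_kind;

/* Hypothetical helper: classify a failed SSL_read().
 *   ssl_err      = SSL_get_error(ssl, ret)
 *   queued       = ERR_peek_last_error()
 *   saved_errno  = errno captured right after SSL_read()
 *   msg_complete = application framing (e.g. a length header) says the
 *                  last message arrived in full (assumed policy input) */
close_kind classify_close(int ssl_err, unsigned long queued,
                          int saved_errno, int msg_complete)
{
    int eof = 0;

    if (ssl_err == SSL_ERROR_ZERO_RETURN)
        return CLOSE_CLEAN;                 /* peer sent close_notify */
    if (ssl_err == SSL_ERROR_SSL && err_lib(queued) == ERR_LIB_SSL &&
        err_reason(queued) == SSL_R_UNEXPECTED_EOF_WHILE_READING)
        eof = 1;                            /* OpenSSL 3.0 reporting */
    if (ssl_err == SSL_ERROR_SYSCALL && queued == 0 && saved_errno == 0)
        eof = 1;                            /* OpenSSL 1.x reporting */
    if (!eof)
        return CLOSE_OTHER;                 /* some other failure */
    /* EOF without close_notify: accept only if framing proves completeness. */
    return msg_complete ? CLOSE_EOF_TOLERATED : CLOSE_TRUNCATED;
}

int main(void)
{
    static const char *name[] = { "clean", "truncated", "eof-tolerated", "other" };
    /* Constructed inputs: the code from the post, then the 1.x shape. */
    printf("3.0 a000126:      %s\n", name[classify_close(1, 0x0A000126UL, 0, 0)]);
    printf("1.x syscall/0:    %s\n", name[classify_close(5, 0, 0, 0)]);
    printf("close_notify:     %s\n", name[classify_close(6, 0, 0, 0)]);
    printf("framed, complete: %s\n", name[classify_close(1, 0x0A000126UL, 0, 1)]);
    return 0;
}
```

With SSL_OP_IGNORE_UNEXPECTED_EOF set, the unexpected EOF is treated as a received shutdown, so a check like this can no longer tell the two cases apart.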
More information about the openssl-users mailing list