Jim Miller wrote:
> 
> Anyone had any problems with a browser trying to connect to an OpenSSL
> server?  I seem to be getting upset down in the code because of a
> version conflict.
> 
> Call trace:
> ------------
> mycode()
> SSL_accept()
> ssl3_accept()
> ssl3_get_message()
> ssl3_read_bytes()
> ssl3_get_record()
> {
> <snip>
>   p = s->packet; // my packet looks like this at the beginning 80 40 01 03 00
>                  // when I connect with an OpenSSL client it looks like this 16 03 00 00 47
>                  // hmm....
>   rr->type= *(p++);
>   ssl_major= *(p++); // I always end up with 64 , should be 3
>   ssl_minor= *(p++); // I always get 1, should be 0
>   version=(ssl_major<<8)|ssl_minor;
>   n2s(p,rr->length);
> 
>   /* Lets check version */
>   if (s->first_packet)
>    {
>    s->first_packet=0;
>    }
>   else
>    {
>    if (version != s->version)
>     {
>     SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
>     /* Send back error using their
>      * version number :-) */
>     s->version=version;
>     al=SSL_AD_PROTOCOL_VERSION;
>     goto f_err;
>     }
>    }
> 
>   if ((version>>8) != SSL3_VERSION_MAJOR)
>    {
> // dies in here.... for obvious reasons
>    SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_WRONG_VERSION_NUMBER);
>    goto err;
>    }
> }
> 
> Any ideas, I get the same problem with IE and Netscape.
> 
> Thanks.
> -Jim

Many SSL clients send the first CLIENT HELLO in ssl2 format
(0x80.....) because they don't know what version the server supports.
In this first message, the client sends the version it wants to use
(3 for SSL3), then the other exchanged messages are in the appropriate
format: SSL3 for V3, SSL2 for V2, etc.

So in your server method configuration you must put:

SSL_CTX *ctx = SSL_CTX_new (SSLv23_server_method()) to correctly
analyse the first client_hello message instead of

SSL_CTX *ctx = SSL_CTX_new (SSLv3_server_method()) which I suppose
you did.

good luck
NLB



------- Nathalie LE BERRE  ------------BULL SA/SD/SPD----------
Tel: 01 30 80 79 78 (237 7978)     Rue Jean-Jaures        
Fax: 01 30 80 65 40 (237 6540)     78340 Les Clayes-Sous-Bois
mailto:[EMAIL PROTECTED]  Implantation : FRCL E1-1A-39
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
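
The header mismatch discussed in this thread, as an added example that is not part of the original messages or of OpenSSL's code: a small C classifier that reads the first five bytes of a connection as either an SSLv2-format CLIENT-HELLO or an SSL3 record. The type and function names are hypothetical; the two byte sequences are the ones quoted in the thread.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names: wire formats a server can see in the first bytes. */
enum hello_format { HELLO_UNKNOWN, HELLO_SSL2_COMPAT, HELLO_SSL3_RECORD };

struct first_record {
    enum hello_format format;
    unsigned ver_major, ver_minor; /* protocol version the client asks for */
    unsigned length;               /* body length from the header */
};

/* Classify the first five bytes; returns 0 on success, -1 if too short. */
int classify_first_record(const unsigned char *p, size_t len,
                          struct first_record *out)
{
    if (len < 5)
        return -1;
    out->format = HELLO_UNKNOWN;
    out->ver_major = out->ver_minor = out->length = 0;
    if ((p[0] & 0x80) && p[2] == 0x01) {
        /* SSLv2 2-byte header: high bit set, 15-bit length, then msg-type 1
         * (CLIENT-HELLO) and the requested version. An SSL3-only parser
         * reads p[1], p[2] as the version, hence "64.1" for 80 40 01. */
        out->format = HELLO_SSL2_COMPAT;
        out->length = ((p[0] & 0x7fu) << 8) | p[1];
        out->ver_major = p[3];
        out->ver_minor = p[4];
    } else if (p[0] == 0x16 && p[1] == 0x03) {
        /* SSL3 record: type 22 (handshake), version, 16-bit length. */
        out->format = HELLO_SSL3_RECORD;
        out->ver_major = p[1];
        out->ver_minor = p[2];
        out->length = ((unsigned)p[3] << 8) | p[4];
    }
    return 0;
}

int main(void)
{
    /* The two byte sequences quoted in the thread. */
    const unsigned char samples[2][5] = { { 0x80, 0x40, 0x01, 0x03, 0x00 },
                                          { 0x16, 0x03, 0x00, 0x00, 0x47 } };
    struct first_record r;
    for (int i = 0; i < 2; i++)
        if (classify_first_record(samples[i], 5, &r) == 0)
            printf("format=%d version=%u.%u length=%u\n",
                   r.format, r.ver_major, r.ver_minor, r.length);
    return 0;
}
```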
