Lara Adianto wrote:

I actually used openssl-0.9.6i, it compiled perfectly
and can link with openldap properly.
But when I tested the TLS connection with the server,
it threw me :
-----------------------------------------------------
....
TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client
certificate A
TLS trace: SSL_accept:error in SSLv3 read client
certificate A
daemon: select: listen=6 active_threads=0 tvp=NULL
daemon: select: listen=7 active_threads=0 tvp=NULL
daemon: activity on 1 descriptors
daemon: activity on: 10r
daemon: read activity on 10
connection_get(10): got connid=1
connection_read(10): checking for input on id=1
TLS trace: SSL_accept:error in SSLv3 read client
certificate A
TLS: can't accept.
TLS: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
version number s3_pkt.c:297

The last two lines say (after a look into s3_pkt.c at line 297) that the major version number in the SSL record is not equal to '3'. It may be that the client speaks only SSLv2; therefore, check the client configuration.
It may be helpful if you trace the handshake with ssldump (see http://www.rtfm.com).


connection_read(10): TLS accept error error=-1 id=1,
closing
connection_closing: readying conn=1 sd=10 for close
connection_close: conn=1 sd=10
-----------------------------------------------------

I posted this problem to this list, but nobody
replied...so I thought that I have to use the same
version of ssl in the server and the client....is this
true ?

I would be surprised if using the same version of OpenSSL helps ;-).

Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbHm
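
The version check discussed in the reply above can be reproduced offline on captured bytes. The following is an added example, not part of the original message and not OpenSSL's code: it classifies the first five bytes a client sent as an SSLv3/TLS record, an SSLv2 CLIENT-HELLO, or something else. The function and enum names are hypothetical and the sample byte strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names; this is an illustration, not OpenSSL's s3_pkt.c. */
enum rec_kind { REC_TOO_SHORT, REC_SSL3_TLS, REC_SSL2_HELLO, REC_UNKNOWN };

/* Classify the first bytes received from a peer. */
enum rec_kind classify_first_record(const unsigned char *p, size_t len)
{
    if (len < 5)
        return REC_TOO_SHORT;
    /* SSLv3/TLS record header: content type (20..23), major version,
     * minor version, 2-byte length. The major version must be 3. */
    if (p[0] >= 20 && p[0] <= 23 && p[1] == 3)
        return REC_SSL3_TLS;
    /* SSLv2 record: high bit of byte 0 marks a 2-byte length header,
     * followed by the message type (1 = CLIENT-HELLO). */
    if ((p[0] & 0x80) && p[2] == 1) {
        size_t body = ((size_t)(p[0] & 0x7f) << 8) | p[1];
        if (body >= 9)  /* type(1) + version(2) + three 2-byte lengths */
            return REC_SSL2_HELLO;
    }
    return REC_UNKNOWN;
}

const char *rec_kind_name(enum rec_kind k)
{
    switch (k) {
    case REC_SSL3_TLS:   return "SSLv3/TLS record (major version 3)";
    case REC_SSL2_HELLO: return "SSLv2 CLIENT-HELLO (an SSLv3 reader sees a wrong version)";
    case REC_TOO_SHORT:  return "fewer than 5 bytes";
    default:             return "not an SSL/TLS record";
    }
}

/* Constructed sample inputs. */
static const unsigned char SAMPLE_SSL3[]  = { 0x16, 0x03, 0x00, 0x00, 0x2a };
static const unsigned char SAMPLE_SSL2[]  = { 0x80, 0x2e, 0x01, 0x00, 0x02 };
static const unsigned char SAMPLE_OTHER[] = { 'G', 'E', 'T', ' ', '/' };

int main(void)
{
    printf("%s\n", rec_kind_name(classify_first_record(SAMPLE_SSL3, sizeof SAMPLE_SSL3)));
    printf("%s\n", rec_kind_name(classify_first_record(SAMPLE_SSL2, sizeof SAMPLE_SSL2)));
    printf("%s\n", rec_kind_name(classify_first_record(SAMPLE_OTHER, sizeof SAMPLE_OTHER)));
    return 0;
}
```

Feed it the first bytes of the client's first packet from a capture; in the SSLv2 sample the byte an SSLv3 record reader treats as the major version is 0x2e, not 3.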
