Re: SSL3_GET_RECORD:wrong version number

Victor Duchovni Mon, 11 Dec 2006 09:05:45 -0800

On Mon, Dec 11, 2006 at 10:48:34AM -0600, chris busbey wrote:

> On 12/11/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
> >> It almost seems like the server is accepted SSL3 msgs, but sending out
> >> another protocol type.  Any suggestions?
> >If you using Linux, can you send ssldump or wireshark dump
> >of this session.
> 
> Here is an ssldump of s_client connecting to my server.  I am getting
> a "Length mismatch" error following the client key exchange.  In this
> run, the server ctx is set to receive SSLv23, the ssl on s_client was
> not specified.  Would the Length Mismatch indicate a bad key?
>


Is either the server or the client using OpenSSL 0.9.8a or 0.9.8b, if
compiled with zlib support, and all bug work-arounds are enabled via
SSL_OP_ALL, you will run into problems, this is fixed in 0.9.8c and
later.

> New TCP connection #5: localhost.localdomain(41722) <->
> localhost.localdomain(5758)
> 5 1  0.0025 (0.0025)  C>SV3.0(84)  Handshake
>      ClientHello
>        Version 3.0
>        random[32]=
>          45 7d 8b 12 f3 38 eb 69 fe 5c 7d 3e eb b8 02 0d
>          32 0a ef 70 d8 30 b2 ab 41 e3 47 5a fd 0b 61 80
>        cipher suites
>        Unknown value 0x39
>        Unknown value 0x38
>        Unknown value 0x35
>        SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>        SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
>        SSL_RSA_WITH_3DES_EDE_CBC_SHA
>        Unknown value 0x33
>        Unknown value 0x32
>        Unknown value 0x2f
>        SSL_RSA_WITH_IDEA_CBC_SHA
>        SSL_RSA_WITH_RC4_128_SHA
>        SSL_RSA_WITH_RC4_128_MD5
>        SSL_DHE_RSA_WITH_DES_CBC_SHA
>        SSL_DHE_DSS_WITH_DES_CBC_SHA
>        SSL_RSA_WITH_DES_CBC_SHA
>        SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
>        SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
>        SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
>        SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5
>        SSL_RSA_EXPORT_WITH_RC4_40_MD5
>        compression methods
>                unknown value
>                  NULL
> 5 2  0.0050 (0.0024)  S>CV3.0(74)  Handshake
>      ServerHello
>        Version 3.0
>        random[32]=
>          45 7d 8b 12 f4 42 79 fe bd e5 34 59 e7 02 aa 8e
>          c9 d6 b3 9d c5 23 cd 1e a3 76 de 5d 3f 69 0b a6
>        session_id[32]=
>          20 3e 42 dc 97 0b f5 73 ac a0 b5 50 01 e5 1c a9
>          0f 74 71 06 55 87 9f 55 3d a9 e5 1c d2 a1 13 9a
>        cipherSuite         Unknown value 0x35
>        compressionMethod                 unknown value
> 5 3  0.0050 (0.0000)  S>CV3.0(889)  Handshake
>      Certificate
> 5 4  0.0050 (0.0000)  S>CV3.0(4)  Handshake
>      ServerHelloDone
> 5 5  0.0198 (0.0148)  C>SV3.0(132)  Handshake
>      ClientKeyExchange
> ERROR: Length mismatch

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]

Re: SSL3_GET_RECORD:wrong version number

Reply via email to