Re: SSL3_GET_RECORD:wrong version number

Mon, 11 Dec 2006 09:07:50 -0800 

On Mon, Dec 11, 2006 at 11:01:22AM -0600, chris busbey wrote:

> On 12/11/06, chris busbey <[EMAIL PROTECTED]> wrote:
> >On 12/11/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
> >> > It almost seems like the server is accepted SSL3 msgs, but sending out
> >> > another protocol type.  Any suggestions?
> >> If you using Linux, can you send ssldump or wireshark dump
> >> of this session.
> >
> >Here is an ssldump of s_client connecting to my server.  I am getting
> >a "Length mismatch" error following the client key exchange.  In this
> >run, the server ctx is set to receive SSLv23, the ssl on s_client was
> >not specified.  Would the Length Mismatch indicate a bad key?
> 
> Another trial forcing tls1 on both sides of the connection did not
> result in the above "Length Mismatch" error.  Here is the output of
> that trial's ssl dump.  Any thoughts?
> 
> New TCP connection #67: localhost.localdomain(42489) <->
> localhost.localdomain(5758)
> 67 1  0.0032 (0.0032)  C>SV3.1(95)  Handshake
>      ClientHello
>        Version 3.1
>        random[32]=
>          45 7d 8d 96 89 31 b1 d3 cf 44 80 ae 06 eb 1d ac
>          48 d0 8e bd 96 b5 b8 da c9 cc c0 0c e5 6a ec d7
>        cipher suites
>        Unknown value 0x39
>        Unknown value 0x38
>        Unknown value 0x35
>        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
>        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
>        TLS_RSA_WITH_3DES_EDE_CBC_SHA
>        Unknown value 0x33
>        Unknown value 0x32
>        Unknown value 0x2f
>        TLS_DHE_DSS_WITH_RC4_128_SHA
>        TLS_RSA_WITH_RC4_128_SHA
>        TLS_RSA_WITH_RC4_128_MD5
>        TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
>        TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
>        TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5
>        TLS_DHE_RSA_WITH_DES_CBC_SHA
>        TLS_DHE_DSS_WITH_DES_CBC_SHA
>        TLS_RSA_WITH_DES_CBC_SHA
>        TLS_DHE_DSS_WITH_RC2_56_CBC_SHA
>        TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
>        TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
>        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
>        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
>        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
>        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
>        TLS_RSA_EXPORT_WITH_RC4_40_MD5
>        compression methods
>                  NULL

This one did not offer the extra "unknown" (presumably "zlib")
compression.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [email protected]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to