Marek, Thanks for the info. Is it possible that the client is using version 3 while the server is using some other version? I'm seeing this error("error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number") in my client and I'm pretty sure that I'm setting the client's version to 3. However I have no control/visibility to the server to confirm what version they're running. Does the "3" in the "SSL3_GET_RECORD" confirm that I'm using version 3? I'll do an iptrace next to see if I can confirm my version. Thanks again!
..................................................................... Carlo Agopian -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola Sent: Saturday, October 14, 2006 10:58 AM To: openssl-users@openssl.org Subject: Re: "SSL3_GET_RECORD:wrong version number" Hello, > Yesterday I finally upgraded to openssl 0.9.8d. But in my stunnel > process (using the Openssl libraries), indicating SSLv3, I now get errors, like: > > "error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number" > > A most elusive error, it seems. Google mentions it a couple of times, > but nothing relevant. > > What could cause this error? "wrong version number" where? In the > cert/key? No. > Between the client/server? Yes. > I do not understand. Versions in client/server SSL records do not agree. Probably your client sends SSL2 client_hello handshake message and server is configured only for SSL3/TLS1. In this situation server does not accept SSL2 client_hello what is being manifested by "wrong version number" error. To resolve this error you may disable SSL2 on client or enable SSL2 handshake on server. tcpdump output from wrong session handshake may be helpful too. Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]