Marek, 

Thanks for the info.  Is it possible that the client is using version 3
while the server is using some other version?  I'm seeing this
error("error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number")  in my client and I'm pretty sure that I'm setting the client's
version to 3.  However I have no control/visibility to the server to
confirm what version they're running.  Does the "3" in the
"SSL3_GET_RECORD" confirm that I'm using version 3? I'll do an iptrace
next to see if I can confirm my version.  Thanks again!


.....................................................................
Carlo Agopian

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Saturday, October 14, 2006 10:58 AM
To: openssl-users@openssl.org
Subject: Re: "SSL3_GET_RECORD:wrong version number"

Hello,
> Yesterday I finally upgraded to openssl 0.9.8d. But in my stunnel 
> process (using the Openssl libraries), indicating SSLv3, I now get
errors, like:
> 
> "error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number"
> 
> A most elusive error, it seems. Google mentions it a couple of times, 
> but nothing relevant.
> 
> What could cause this error? "wrong version number" where? In the 
> cert/key?
No.

> Between the client/server? 
Yes.

> I do not understand.
Versions in client/server SSL records do not agree.
Probably your client sends SSL2 client_hello handshake message and
server is configured only for SSL3/TLS1.
In this situation server does not accept SSL2 client_hello what is being
manifested by "wrong version number" error.
To resolve this error you may disable SSL2 on client or enable SSL2
handshake on server.
tcpdump output from wrong session handshake may be helpful too. 

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to