Hello, > Thanks for the info. Is it possible that the client is using version 3 > while the server is using some other version? I'm seeing this > error("error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version > number") in my client and I'm pretty sure that I'm setting the client's > version to 3. However I have no control/visibility to the server to > confirm what version they're running. Does the "3" in the > "SSL3_GET_RECORD" confirm that I'm using version 3? I'll do an iptrace > next to see if I can confirm my version. Thanks again! No, this "3" means that this is error from routines which are capable of getting SSL3 and TLS1 records but real protocol version is not visible in this message.
You may try to experiment with openssl s_client command. For example, I have web server which only uses SSL3 version (but as we will see - understands SSL2 client_hello packet) when connecting with openssl s_client I have: (no protocol option, SSL2 client_hello sent to begin handshake) $ openssl s_client -connect noded:443 .... SSL-Session: Protocol : SSLv3 Cipher : RC4-MD5 .... (only SSL2 enabled, SSL2 client_hello sent to begin handshake) $ openssl s_client -connect noded:443 -ssl2 CONNECTED(00000003) 17362:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428: (only SSL3 enabled, SSL3 client_hello sent to begin handshake) $ openssl s_client -connect noded:443 -ssl3 .... SSL-Session: Protocol : SSLv3 Cipher : RC4-MD5 .... (only TLS1 enabled, TLS1 client_hello sent to begin handshake) $ openssl s_client -connect noded:443 -tls1 CONNECTED(00000003) 17373:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:288: Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]