Hello,
> Thanks for the info. Is it possible that the client is using version 3
> while the server is using some other version? I'm seeing this
> error("error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
> number") in my client and I'm pretty sure that I'm setting the client's
> version to 3. However I have no control/visibility to the server to
> confirm what version they're running. Does the "3" in the
> "SSL3_GET_RECORD" confirm that I'm using version 3? I'll do an iptrace
> next to see if I can confirm my version. Thanks again!
No, this "3" means that this is error from routines which are capable
of getting SSL3 and TLS1 records but real protocol version is not
visible in this message.
You may try to experiment with openssl s_client command.
For example, I have web server which only uses SSL3 version
(but as we will see - understands SSL2 client_hello packet)
when connecting with openssl s_client I have:
(no protocol option, SSL2 client_hello sent to begin handshake)
$ openssl s_client -connect noded:443
....
SSL-Session:
Protocol : SSLv3
Cipher : RC4-MD5
....
(only SSL2 enabled, SSL2 client_hello sent to begin handshake)
$ openssl s_client -connect noded:443 -ssl2
CONNECTED(00000003)
17362:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake
failure:s2_pkt.c:428:
(only SSL3 enabled, SSL3 client_hello sent to begin handshake)
$ openssl s_client -connect noded:443 -ssl3
....
SSL-Session:
Protocol : SSLv3
Cipher : RC4-MD5
....
(only TLS1 enabled, TLS1 client_hello sent to begin handshake)
$ openssl s_client -connect noded:443 -tls1
CONNECTED(00000003)
17373:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
number:s3_pkt.c:288:
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
