Since you did not give us a lot of information, I compiled the old openssl version and checked against your server. OpenSSL 1.0.2 does not send the Server Name Indication and it seems that your server does not have a default server set up. Forcing the SNI to be included allows it to connect: openssl s_client -connect data.reversinglabs.com:443 -tls1_2 -servername data.reversinglabs.com
Check your server setup and ensure that a default virtual host has been defined. Mark Hack On Tue, 2022-05-17 at 15:55 -0400, Geek Geek wrote: > I run into the following issue when I use openssl 1.0.2k (amazon > linux2) to check the connection. > > [ec2-user@ip-172-31-29-28 ~]$ openssl s_client -connect > data.reversinglabs.com:443 -tls1_2 > CONNECTED(00000003) > 139994515941280:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong > version number:s3_pkt.c:365: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 5 bytes and written 0 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > No ALPN negotiated > SSL-Session: > Protocol : TLSv1.2 > Cipher : 0000 > Session-ID: > Session-ID-ctx: > Master-Key: > Key-Arg : None > Krb5 Principal: None > PSK identity: None > PSK identity hint: None > Start Time: 1652817101 > Timeout : 7200 (sec) > Verify return code: 0 (ok) > --- > > > [ec2-user@ip-172-31-29-28 ~]$ openssl version > OpenSSL 1.0.2k-fips 26 Jan 2017 > > > If I use brew install the latest openssl (3.0.*), then the same > command works. As our production is still using openssl 1.0.2k, my > question is what causes this error and whether this is really an > issue. > > Thanks.
