Up front, I'd like to apologize if this is an FAQ or has been answered 
on this list: my workload means that I simply can't keep as up-to-date as I 

I have a situation where my application fails to accept an incoming SSL 
handshake on Windows Server 2012, but the identical software running on 
Server 2019 accepts the same connection from the same remote client without 
a problem. Other types of client software (such as Thunderbird) connect to 
either system without any problems. The connecting client is a Windows Cash 
Register using Window's built-in crypto facilities. If I downgrade my app to 
OpenSSL 1.1.1g or earlier, the problem doesn't happen. With 1.1.1k or 1.1.1q, I 
get the error (I haven't built any versions of OpenSSL between k and q). In 
it helps, the connection is an incoming SMTP connection on port 587, and 
STARTTLS is used to begin SSL negotiation.

SSL_accept returns -1, with an extended error of "SSL_ERROR_SYSCALL" (5), 
which I understand to be largely what it returns when it doesn't have a clear 
of what's gone wrong. The error queue is completely empty in this situation. 
cert is a LetsEncrypt cert that loads without errors and works fine with other 

Do recent versions of OpenSSL 1.1.1 have dependencies on some Windows 
facility (winsock and wincrypt seem likely candidates) that might work on 
2019 but fail on Server 2012?

The version of my application that is in public release uses 1.1.1g, so isn't 
affected by this issue, but I'm slightly worried that I'm going to see an 
uptick in 
this type of problem if I release builds based on later versions of 1.1.1.

Does this ring any bells with anyone? Again, apologies if this is answered 
elsewhere - I *did* spend some time in Google but couldn't find anything that 
seemed relevant.

Thanks in advance for any advice.


-- David --

Reply via email to