Issue with using TLS

Issue with using TLS

Sean Glazier
Hi,

I have an issue with using a TLS client-server setup.

On the client side I am using 32 OpenSSL library version 1.1 and the same set on the server side in VA Smalltalk. Both are on Windows.

On the C side I set the SSL_CTX_new(TLS_client_method()); on the server I restricted to TLS only as per our security policy.

I get through the handshake and the client sends data over to the server. However, upon reading, the server gives an OpenSSL error as follows:
OpenSSLError
Error Code: 336130315
Error Object: ('wrong version number')
Error String: 'error:1408F10B:SSL routines:ssl3_get_record:wrong version number'
Error Hint: 'ssl3_get_record:wrong version number'
AuxiliaryData: nil.
 

I have attempted to work around this by setting on the server side the following option: SSL_OP_TLS_ROLLBACK_BUG. I saw from forums that this will tell the server to ignore this bug. However, I still get the same bug.

Does anyone know the workaround for this issue? 
 
Kind Regards,
 
Sean Glazier
 

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Re: Issue with using TLS

Matt Caswell-2


On 08/10/18 16:43, Sean Glazier wrote:

> Hi,
>
> I have an issue with using a TLS client-server setup.
>
> On the client side I am using 32 OpenSSL library version 1.1 and the
> same set on the server side in VA Smalltalk. Both are on Windows.
>
> On the C side I set the SSL_CTX_new(TLS_client_method()); on the server I
> restricted to TLS only as per our security policy.
>
> I get through the handshake and the client sends data over to the
> server. However, upon reading, the server gives an OpenSSL error as follows:
> OpenSSLError
> Error Code: 336130315
> Error Object: ('wrong version number')
> Error String: 'error:1408F10B:SSL routines:ssl3_get_record:wrong version
> number'
> Error Hint: 'ssl3_get_record:wrong version number'
> AuxiliaryData: nil.

This usually occurs if the data that is received doesn't look like TLS,
either because it is corrupted or is some other protocol. The TLS record
version number is the first thing we check, so if you've got bad data
then this is the first error you hit.

>
> I have attempted to work around this by setting on the server side the
> following option: SSL_OP_TLS_ROLLBACK_BUG. I saw from forums that this
> will tell the server to ignore this bug. However, I still get the same bug.

Don't do that. That option is an ancient client bug workaround that
should not be necessary in modern code.


> Does anyone know the workaround for this issue? 

Send me a Wireshark trace of a failing connection and I can take a look
at it.

Matt


>  
> Kind Regards,
>  
> Sean Glazier
>  
>
>
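
The reply above says the error appears when received bytes do not look like TLS, and that the record version is checked first. The following is an added example, not part of the thread and not OpenSSL's code: a simplified header check that can be run on the first bytes a server reads or on bytes copied from a packet capture. The function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum rec_kind { REC_TLS, REC_TOO_SHORT, REC_BAD_VERSION, REC_BAD_TYPE, REC_BAD_LENGTH };

/* Constructed sample inputs (not taken from the thread). */
static const unsigned char SAMPLE_TLS[]     = {0x17, 0x03, 0x03, 0x00, 0x20}; /* application_data, TLS 1.2 */
static const unsigned char SAMPLE_PLAIN[]   = "hello server";                 /* ASCII text, not TLS */
static const unsigned char SAMPLE_TRUNC[]   = {0x16, 0x03};                   /* fewer than 5 bytes */
static const unsigned char SAMPLE_BADTYPE[] = {0x50, 0x03, 0x03, 0x00, 0x10}; /* valid version, bad type */
static const unsigned char SAMPLE_BADLEN[]  = {0x17, 0x03, 0x03, 0xFF, 0xFF}; /* length 65535 */

/* Classify a 5-byte TLS record header: type(1) | version(2) | length(2). */
enum rec_kind classify_record(const unsigned char *buf, size_t len)
{
    unsigned int rlen;

    if (len < 5)
        return REC_TOO_SHORT;
    /* Version first: major byte 0x03, minor 0x00..0x04 (SSLv3 through TLS 1.3). */
    if (buf[1] != 0x03 || buf[2] > 0x04)
        return REC_BAD_VERSION;
    /* 20 change_cipher_spec, 21 alert, 22 handshake, 23 application_data. */
    if (buf[0] < 20 || buf[0] > 23)
        return REC_BAD_TYPE;
    /* Largest protected record in TLS 1.2: 2^14 + 2048 bytes. */
    rlen = ((unsigned int)buf[3] << 8) | buf[4];
    if (rlen > 16384 + 2048)
        return REC_BAD_LENGTH;
    return REC_TLS;
}

const char *rec_kind_name(enum rec_kind k)
{
    static const char *names[] = { "looks like TLS", "too short",
        "wrong version number", "unknown content type", "record too long" };
    return names[k];
}

int main(void)
{
    printf("tls:   %s\n", rec_kind_name(classify_record(SAMPLE_TLS, sizeof SAMPLE_TLS)));
    printf("plain: %s\n", rec_kind_name(classify_record(SAMPLE_PLAIN, sizeof SAMPLE_PLAIN)));
    printf("trunc: %s\n", rec_kind_name(classify_record(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC)));
    return 0;
}
```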