SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

Nayna Jain

Hi,

I have seen this error many times for different reasons. Am not able to
make meaning out of this error

SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

Can someone help me to understand what this error means ? And for what
reason negotiation might have failed.

On google, i couldn't get much information.

Since the error seems to be too much code level, sending it to openssl dev
group also, along with openssl users group.

Thanks & Regards,
Nayna Jain

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

Brad House-2
On 4/21/14 5:20 AM, Nayna Jain wrote:
> I have seen this error many times for different reasons. Am not able to
> make meaning out of this error
>
> SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

It means no SSL error occurred.  Typically you'll see this in a server
environment when a client initiates a connection to the server, but
then immediately disconnects, or sends data other than beginning
SSL negotiation.

-Brad
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

Nayna Jain
Thanks for the quick response.

I think sometimes it reaches to the state of certiicates handshake.. not
sure for everytime as it appears randomly.

Was just wondering , is it not possible to make it bit meaningful. I mean
it is shown randomly for different reason. And many times many the first
reason comes is as - it as  mismatch issue between server and client SSL
connection either protocol or certificates like that..

Thanks & Regards,
Nayna Jain




From: Brad House <[hidden email]>
To: [hidden email],
Date: 04/21/2014 04:48 PM
Subject: Re: SSL negotiation failed: error:00000000:lib(0):func
            (0):reason(0)
Sent by: [hidden email]



On 4/21/14 5:20 AM, Nayna Jain wrote:
> I have seen this error many times for different reasons. Am not able to
> make meaning out of this error
>
> SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

It means no SSL error occurred.  Typically you'll see this in a server
environment when a client initiates a connection to the server, but
then immediately disconnects, or sends data other than beginning
SSL negotiation.

-Brad
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)

Brad House-2
On 04/21/2014 12:04 PM, Nayna Jain wrote:

> Thanks for the quick response.
>
> I think sometimes it reaches to the state of certiicates handshake.. not
> sure for everytime as it appears randomly.
>
> Was just wondering , is it not possible to make it bit meaningful. I mean
> it is shown randomly for different reason. And many times many the first
> reason comes is as - it as  mismatch issue between server and client SSL
> connection either protocol or certificates like that..
>
> Thanks & Regards,
> Nayna Jain
>
> From: Brad House <[hidden email]>
> To: [hidden email],
> Date: 04/21/2014 04:48 PM
> Subject: Re: SSL negotiation failed: error:00000000:lib(0):func
>              (0):reason(0)
> Sent by: [hidden email]
>
>
>
> On 4/21/14 5:20 AM, Nayna Jain wrote:
>> I have seen this error many times for different reasons. Am not able to
>> make meaning out of this error
>>
>> SSL negotiation failed: error:00000000:lib(0):func(0):reason(0)
>
> It means no SSL error occurred.  Typically you'll see this in a server
> environment when a client initiates a connection to the server, but
> then immediately disconnects, or sends data other than beginning
> SSL negotiation.


If I'm not mistaken, the client should be sending a TLS alert code to the
server if they are choosing to disconnect due to a certificate error.
OpenSSL will then return the alert code received in that error message
rather than a reason code of 0.  So it sort of makes sense that OpenSSL
wouldn't return an SSL error because the client simply disconnected,
so there wasn't technically an error other than the fact that the
client disconnected without sending an alert as to why.

Some info here on various alerts:
http://en.wikipedia.org/wiki/Transport_Layer_Security#Alert_protocol

I do agree though that it would be helpful to have a few additional
error codes to help indicate these sort of circumstances, it would aid
in debugging issues in the field for why SSL negotiation might have
failed since you may not have control over the client side to determine
such failures.

-Brad


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]