Cannot complete handshake with Oracle-HTTP-Server #20
Comments
|
Debugged a similar issue in AuthenticateAsServer by rebuilding ssleay32 and poking around to see where the version gets set. My issue was caused by TLSv12_server_method being the default method for SslStreamServer - this was causing my server to reject any ClientHello with a version below TLS 1.2 (in my case TLS 1.0). It seems that if you want the other party to be able to support a lower protocol version, you need to use SSLv23_server_method/SSLv23_client_method instead, which are special modes that allow OpenSSL to understand any protocol version but only allow the ones specified by your SslProtocols flags. See http://stackoverflow.com/questions/23709664/openssl-let-the-server-and-client-negotiate-the-method for a better explanation than mine :) |
When calling
sslStream.AuthenticateAsClient(target, null, null, SslProtocols.Default, SslStrength.All, false);I get the following SSL error:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version numberThe handshake goes:
C->S TLSv1 440 Client Hello
S<-C TLSv1 124 Server Hello
S<-C TLSv1 1481 Certificate
C->S TLSv1 61 Alert (Level: Fatal, Description: Protocol Version)
S<-C TLSv1 61 Alert (Level: Fatal, Description: Close Notify)
openssl s_client connects correctly (tested on linux). The server supports only TLSv1. You can reproduce this problem by connecting to eg. www.tis-tadawul.com.sa on port 443
The text was updated successfully, but these errors were encountered: