8000 Cannot complete handshake with Oracle-HTTP-Server · Issue #20 · openssl-net/openssl-net · GitHub
[go: up one dir, main page]

Skip to content
This repository was archived by the owner on Dec 15, 2022. It is now read-only.

Cannot complete handshake with Oracle-HTTP-Server #20

Open
jestemkojak opened this issue Jun 17, 2015 · 1 comment
Open

Cannot complete handshake with Oracle-HTTP-Server #20

jestemkojak opened this issue Jun 17, 2015 · 1 comment

Comments

@jestemkojak
Copy link

When calling
sslStream.AuthenticateAsClient(target, null, null, SslProtocols.Default, SslStrength.All, false);
I get the following SSL error:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

The handshake goes:
C->S TLSv1 440 Client Hello
S<-C TLSv1 124 Server Hello
S<-C TLSv1 1481 Certificate
C->S TLSv1 61 Alert (Level: Fatal, Description: Protocol Version)
S<-C TLSv1 61 Alert (Level: Fatal, Description: Close Notify)

openssl s_client connects correctly (tested on linux). The server supports only TLSv1. You can reproduce this problem by connecting to eg. www.tis-tadawul.com.sa on port 443

@paulvirag
Copy link

Debugged a similar issue in AuthenticateAsServer by rebuilding ssleay32 and poking around to see where the version gets set. My issue was caused by TLSv12_server_method being the default method for SslStreamServer - this was causing my server to reject any ClientHello with a version below TLS 1.2 (in my case TLS 1.0).

It seems that if you want the other party to be able to support a lower protocol version, you need to use SSLv23_server_method/SSLv23_client_method instead, which are special modes that allow OpenSSL to understand any protocol version but only allow the ones specified by your SslProtocols flags. See http://stackoverflow.com/questions/23709664/openssl-let-the-server-and-client-negotiate-the-method for a better explanation than mine :)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants
0