You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Dec 15, 2022. It is now read-only.
When calling sslStream.AuthenticateAsClient(target, null, null, SslProtocols.Default, SslStrength.All, false);
I get the following SSL error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
openssl s_client connects correctly (tested on linux). The server supports only TLSv1. You can reproduce this problem by connecting to eg. www.tis-tadawul.com.sa on port 443
The text was updated successfully, but these errors were encountered:
Debugged a similar issue in AuthenticateAsServer by rebuilding ssleay32 and poking around to see where the version gets set. My issue was caused by TLSv12_server_method being the default method for SslStreamServer - this was causing my server to reject any ClientHello with a version below TLS 1.2 (in my case TLS 1.0).
It seems that if you want the other party to be able to support a lower protocol version, you need to use SSLv23_server_method/SSLv23_client_method instead, which are special modes that allow OpenSSL to understand any protocol version but only allow the ones specified by your SslProtocols flags. See http://stackoverflow.com/questions/23709664/openssl-let-the-server-and-client-negotiate-the-method for a better explanation than mine :)
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
When calling
sslStream.AuthenticateAsClient(target, null, null, SslProtocols.Default, SslStrength.All, false);
I get the following SSL error:
error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
The handshake goes:
C->S TLSv1 440 Client Hello
S<-C TLSv1 124 Server Hello
S<-C TLSv1 1481 Certificate
C->S TLSv1 61 Alert (Level: Fatal, Description: Protocol Version)
S<-C TLSv1 61 Alert (Level: Fatal, Description: Close Notify)
openssl s_client connects correctly (tested on linux). The server supports only TLSv1. You can reproduce this problem by connecting to eg. www.tis-tadawul.com.sa on port 443
The text was updated successfully, but these errors were encountered: