This might have the same cause as the problem I encountered. Brad Whetmore from
Sun helped me find this.

According to TLS (which can be found e.g. here:
http://www.ietf.org/rfc/rfc2246.txt ), in the final message exchanges of the
TLS handshake, a client key exchange message is sent by the client. The client
key exchange message contains an RSA-encrypted premaster secret message, which in
turn contains a field with "The latest (newest) version supported by the
client." In the case of TLS, this would be 3.1.

But due to the fact that some older servers did not behave correctly, some SSL
client libraries send the protocol version number as agreed upon in the
handshake (this is wrong according to the TLS spec, but compatible with the old
servers). This means they start with a 3.1 ClientHello, and after agreeing on
protocol version 3.0 (SSLv3) they send a premaster secret with 3.0 as the
version number. A correctly implemented TLS server will expect a 3.1 here. [this
would explain the "SSL3_GET_RECORD:wrong version number" error you observed]. In
my case, this wrong version number led to a "bad_record_mac" error as mentioned.

I've encountered this behaviour in JSSE 1.0.2 and iSaSiLk 3.03 from
http://www.iaik.at/ . The workaround I use is to limit the version the client is
supposed to use to 3.0 (SSLv3), since the server was only allowed to speak SSLv3
(by policy). Even broken clients will work then since they do not start with 3.1
in the ClientHello, so the (correctly implemented) server won't expect a 3.1 in
the premaster secret. Unfortunately, JSSE 1.0.2 provides no interface to do this
(iSaSiLk does), but this has been improved in the new JSSE version found in
JDK1.4, from what I saw.

For your problem the best solution might be to find out why the client and the
server do not agree on TLS - according to the protocol you've sent they decide
to use SSLv2. SSLv2 had some security flaws and should not be used when SSLv3 or
even TLS is available, so you should look into this anyway. [for more details on
the security of SSLv2, see Eric Rescorla's "SSL and TLS" book].

Best Regards,
David

Kevin Regan wrote:

> Hi,
>
> The client and server are hanging at the moment (I have them both set up to
> defer the handshake until they actually start doing reads and writes).  Here
> is the output from the Java (client) side:
>
> %% No cached client session
> *** ClientHello, v3.1
> RandomCookie:  GMT: 1001529913 bytes = { 73, 47, 149, 28, 97, 17, 208, 173,
> 40, 253, 177, 188, 173, 223, 166, 36, 123, 114, 130, 35, 168, 26, 51, 5, 70,
> 108, 161, 1 }
> Session ID:  {}
> Cipher Suites:  { 0, 5 }
> Compression Methods:  { 0 }
> ***
> [write] MD5 and SHA1 hashes:  len = 45
> 0000: 01 00 00 29 03 01 3C B2   22 39 49 2F 95 1C 61 11  ...)..<."9I/..a.
> 0010: D0 AD 28 FD B1 BC AD DF   A6 24 7B 72 82 23 A8 1A  ..(......$.r.#..
> 0020: 33 05 46 6C A1 01 00 00   02 00 05 01 00           3.Fl.........
> main, WRITE:  SSL v3.1 Handshake, length = 45
> [write] MD5 and SHA1 hashes:  len = 44
> 0000: 01 03 01 00 03 00 00 00   20 00 00 05 3C B2 22 39  ........ ...<."9
> 0010: 49 2F 95 1C 61 11 D0 AD   28 FD B1 BC AD DF A6 24  I/..a...(......$
> 0020: 7B 72 82 23 A8 1A 33 05   46 6C A1 01              .r.#..3.Fl..
> main, WRITE:  SSL v2, contentType = 22, translated length = 16343
>
> and here is what I get on the server (OpenSSL) when I Ctrl-C the client:
>
> 26747:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
> number:s3_pkt.c:290:
>
> This happens when I select "TLSv1" on the Java side and
> "TLSv1_server_method" on the OpenSSL side.  "TLSv1" on the Java side and
> "SSLv23_server_method" (but not "SSLv3_server_method") works fine.
>
> Sincerely,
> Kevin Regan
>
> p.s.  Here are the results if I use "SSLv23_server_method" on the server
> (OpenSSL) side:
>
> %% No cached client session
> *** ClientHello, v3.1
> RandomCookie:  GMT: 1001530276 bytes = { 172, 253, 8, 146, 32, 73, 123, 236,
> 6, 158, 8, 44, 163, 203, 46, 192, 149, 74, 76, 95, 83, 45, 238, 252, 101,
> 90, 56, 164 }
> Session ID:  {}
> Cipher Suites:  { 0, 5 }
> Compression Methods:  { 0 }
> ***
> [write] MD5 and SHA1 hashes:  len = 45
> 0000: 01 00 00 29 03 01 3C B2   24 A4 AC FD 08 92 20 49  ...)..<.$..... I
> 0010: 7B EC 06 9E 08 2C A3 CB   2E C0 95 4A 4C 5F 53 2D  .....,.....JL_S-
> 0020: EE FC 65 5A 38 A4 00 00   02 00 05 01 00           ..eZ8........
> main, WRITE:  SSL v3.1 Handshake, length = 45
> [write] MD5 and SHA1 hashes:  len = 44
> 0000: 01 03 01 00 03 00 00 00   20 00 00 05 3C B2 24 A4  ........ ...<.$.
> 0010: AC FD 08 92 20 49 7B EC   06 9E 08 2C A3 CB 2E C0  .... I.....,....
> 0020: 95 4A 4C 5F 53 2D EE FC   65 5A 38 A4              .JL_S-..eZ8.
> main, WRITE:  SSL v2, contentType = 22, translated length = 16343
> main, READ:  SSL v3.1 Handshake, length = 74
> *** ServerHello, v3.1
> RandomCookie:  GMT: 1001530276 bytes = { 255, 255, 162, 129, 107, 43, 125,
> 172, 178, 161, 8, 129, 114, 95, 184, 52, 174, 204, 212, 94, 214, 34, 100,
> 15, 123, 6, 112, 150 }
> Session ID:  {249, 243, 66, 107, 91, 54, 214, 205, 129, 246, 12, 116, 74,
> 151, 254, 124, 0, 15, 107, 140, 84, 135, 62, 65, 108, 38, 145, 148, 140,
> 114, 175, 20}
> Cipher Suite:  { 0, 5 }
> Compression Method: 0
> ***
> %% Created:  [Session-1, SSL_RSA_WITH_RC4_128_SHA]
> ** SSL_RSA_WITH_RC4_128_SHA
> [read] MD5 and SHA1 hashes:  len = 74
> 0000: 02 00 00 46 03 01 3C B2   24 A4 FF FF A2 81 6B 2B  ...F..<.$.....k+
> 0010: 7D AC B2 A1 08 81 72 5F   B8 34 AE CC D4 5E D6 22  ......r_.4...^."
> 0020: 64 0F 7B 06 70 96 20 F9   F3 42 6B 5B 36 D6 CD 81  d...p. ..Bk[6...
> 0030: F6 0C 74 4A 97 FE 7C 00   0F 6B 8C 54 87 3E 41 6C  ..tJ.....k.T.>Al
> 0040: 26 91 94 8C 72 AF 14 00   05 00                    &...r.....
> main, READ:  SSL v3.1 Handshake, length = 440
> *** Certificate chain
> chain [0] = [
> [
>   Version: V4
>   Subject: CN=NetIQ Corporation
>   Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
>
>   Key:  com.sun.net.ssl.internal.ssl.JSA_RSAPublicKey@763f5d
>   Validity: [From: Tue Apr 02 16:17:03 CST 2002,
>                To: Sun Apr 01 17:17:03 CDT 2007]
>   Issuer: CN=NetIQ Corporation
>   SerialNumber: [  0  ]
>
> ]
>   Algorithm: [MD5withRSA]
>
> ]
> ***
> Checking server trusted.
> Server trusted.
> main, READ:  SSL v3.1 Handshake, length = 4
> *** ServerHelloDone
> [read] MD5 and SHA1 hashes:  len = 4
> 0000: 0E 00 00 00                                        ....
> JsseJCE: Using JSSE internal implementation for cipher RSA/ECB/PKCS1Padding
> *** ClientKeyExchange, RSA PreMasterSecret, v3.1
> Random Secret:  { 3, 1, 53, 55, 115, 122, 37, 120, 36, 192, 227, 62, 255,
> 76, 181, 23, 16, 252, 97, 180, 82, 187, 95, 17, 251, 144, 53, 254, 90, 224,
> 57, 73, 124, 62, 114, 187, 223, 116, 169, 227, 31, 75, 217, 78, 119, 79, 48,
> 197 }
> [write] MD5 and SHA1 hashes:  len = 134
> 0000: 10 00 00 82 00 80 16 2D   B1 52 76 E4 63 49 78 7D  .......-.Rv.cIx.
> 0010: 5C 5B B0 92 ED 9F BA FD   A1 B3 25 F9 39 B0 AD BB  \[........%.9...
> 0020: FE C4 E2 87 82 B3 FD 9B   20 85 DC 18 17 DF DE 4D  ........ ......M
> 0030: 7B 3A 5F AE 32 25 A2 F8   AB 7C C6 4C 68 4D 3B E8  .:_.2%.....LhM;.
> 0040: 11 92 68 83 33 86 53 66   A6 C7 44 1E B1 17 3E 52  ..h.3.Sf..D...>R
> 0050: D5 C1 14 1D D0 AE 15 BA   EE 51 F1 DF CA 17 6A BB  .........Q....j.
> 0060: 24 6C A8 89 06 FF B6 8B   67 B1 D2 87 EA 89 BE 8D  $l......g.......
> 0070: 21 88 07 8D 26 A9 D0 94   C6 37 45 58 EF 97 7D 32  !...&....7EX...2
> 0080: CF E0 3B CF 88 D1                                  ..;...
> main, WRITE:  SSL v3.1 Handshake, length = 134
> SESSION KEYGEN:
> PreMaster Secret:
> 0000: 03 01 35 37 73 7A 25 78   24 C0 E3 3E FF 4C B5 17  ..57sz%x$..>.L..
> 0010: 10 FC 61 B4 52 BB 5F 11   FB 90 35 FE 5A E0 39 49  ..a.R._...5.Z.9I
> 0020: 7C 3E 72 BB DF 74 A9 E3   1F 4B D9 4E 77 4F 30 C5  .>r..t...K.NwO0.
> CONNECTION KEYGEN:
> Client Nonce:
> 0000: 3C B2 24 A4 AC FD 08 92   20 49 7B EC 06 9E 08 2C  <.$..... I.....,
> 0010: A3 CB 2E C0 95 4A 4C 5F   53 2D EE FC 65 5A 38 A4  .....JL_S-..eZ8.
> Server Nonce:
> 0000: 3C B2 24 A4 FF FF A2 81   6B 2B 7D AC B2 A1 08 81  <.$.....k+......
> 0010: 72 5F B8 34 AE CC D4 5E   D6 22 64 0F 7B 06 70 96  r_.4...^."d...p.
> Master Secret:
> 0000: DE 8F A2 35 06 4C 0A DD   6B 5C DF 6A 03 2A FD 3A  ...5.L..k\.j.*.:
> 0010: C4 94 BC 4F 15 B3 01 44   02 B2 CE 7B FB 59 E5 CF  ...O...D.....Y..
> 0020: 46 3B 78 6C 45 05 8C C6   C4 79 11 87 24 EE F7 36  F;xlE....y..$..6
> Client MAC write Secret:
> 0000: 36 1A 57 C3 C3 C0 72 34   4C 76 13 E4 88 91 5A 7E  6.W...r4Lv....Z.
> 0010: DD 22 B7 66
> Server MAC write Secret:
> 0000: 6E E7 24 22 00 23 2C A5   CE BB 06 1F C3 4A 22 7A  n.$".#,......J"z
> 0010: 51 E6 E0 E9                                        Q...
> Client write key:
> 0000: 19 DE 60 FD D5 E1 38 4C   90 69 61 A5 27 C4 41 DF  ..`...8L.ia.'.A.
> Server write key:
> 0000: 90 E4 58 F6 23 75 95 CC   BD D9 53 1E 76 B7 48 69  ..X.#u....S.v.Hi
> ... no IV for cipher
> main, WRITE:  SSL v3.1 Change Cipher Spec, length = 1
> JsseJCE: Using JSSE internal implementation for cipher RC4
> *** Finished, v3.1
> verify_data:  { 143, 44, 227, 164, 115, 193, 4, 159, 155, 98, 214, 240 }
> ***
> [write] MD5 and SHA1 hashes:  len = 16
> 0000: 14 00 00 0C 8F 2C E3 A4   73 C1 04 9F 9B 62 D6 F0  .....,..s....b..
> Plaintext before ENCRYPTION:  len = 36
> 0000: 14 00 00 0C 8F 2C E3 A4   73 C1 04 9F 9B 62 D6 F0  .....,..s....b..
> 0010: 51 18 82 39 13 28 33 6B   65 D3 09 EF 21 43 99 F0  Q..9.(3ke...!C..
> 0020: D8 CA 13 C6                                        ....
> main, WRITE:  SSL v3.1 Handshake, length = 36
> main, READ:  SSL v3.1 Change Cipher Spec, length = 1
> JsseJCE: Using JSSE internal implementation for cipher RC4
> main, READ:  SSL v3.1 Handshake, length = 36
> Plaintext after DECRYPTION:  len = 36
> 0000: 14 00 00 0C 23 B4 BF 59   C1 85 6B 0C 89 5E A8 05  ....#..Y..k..^..
> 0010: 40 1B 34 3D 6E 4A 8C 4C   03 0A 5C 01 C0 EC B4 5A  @.4=nJ.L..\....Z
> 0020: CB F2 1A A3                                        ....
> *** Finished, v3.1
> verify_data:  { 35, 180, 191, 89, 193, 133, 107, 12, 137, 94, 168, 5 }
> ***
> %% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_SHA]
> [read] MD5 and SHA1 hashes:  len = 16
> 0000: 14 00 00 0C 23 B4 BF 59   C1 85 6B 0C 89 5E A8 05  ....#..Y..k..^..
> Plaintext before ENCRYPTION:  len = 31
> 0000: 48 65 6C 6C 6F 20 57 6F   72 6C 64 AD 37 64 A0 72  Hello World.7d.r
> 0010: 2B 22 0D C1 FE C3 26 60   F5 EC 86 59 1F E8 6A     +"....&`...Y..j
> main, WRITE:  SSL v3.1 Application Data, length = 31
>
> etc...
>
> Kevin Regan wrote:
> > I've run into the handshake problem with OpenSSL and Java JSSE. If I change
> > the method used to create the SSL context from TLSv1_server_method to
> > SSLv23_server_method, the problem is fixed.
>
> Which version of JSSE are you using, and can you provide debug output?
>
> You can get excellent verbose debug output in JSSE if you use this command
> line switch: -Djavax.net.debug=ssl,handshake,data,trustmanager when calling
> your java application, i.e. in windows java.exe
>
> -Djavax.net.debug=ssl,handshake,data,trustmanager MyClass
>
> Recently - in a rather painful process - I found the cause for a BAD RECORD
> MAC SSL error sent in the server hello msg, after my JSSE SSL client sent an
> incorrect finish msg...
>
> Best Regards,
> David Maurus
>
> Kevin Regan
> Technical Lead
> Houston UNIX Team
> Office: 2200
> Phone: 713-548-1767
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       [EMAIL PROTECTED]
> Automated List Manager                           [EMAIL PROTECTED]
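
Added example (not part of the original mail, and not JSSE or OpenSSL code): the version comparison described in the reply above, run over `-Djavax.net.debug` output. It reads the ClientHello version, the ServerHello version and the first two bytes of the premaster secret, then reports whether the premaster secret carries the version from the ClientHello (what RFC 2246 requires) or the negotiated one. The function names and result labels are assumptions made for this example; the first sample is abridged from the quoted trace and the second is constructed in the same layout.

```python
import re

# Line shapes follow the JSSE debug trace quoted in this thread.
HELLO_RE = re.compile(r"\*\*\* (ClientHello|ServerHello), v(\d+)\.(\d+)")
SECRET_RE = re.compile(r"Random Secret:\s*\{\s*(\d+),\s*(\d+)\b")


def handshake_versions(log_text):
    """Return the offered, negotiated and premaster versions as (major, minor)."""
    versions = {"offered": None, "negotiated": None, "premaster": None}
    for line in log_text.splitlines():
        hello = HELLO_RE.search(line)
        if hello:
            key = "offered" if hello.group(1) == "ClientHello" else "negotiated"
            if versions[key] is None:  # keep the first handshake only
                versions[key] = (int(hello.group(2)), int(hello.group(3)))
            continue
        secret = SECRET_RE.search(line)
        if secret and versions["premaster"] is None:
            # The first two premaster bytes are the client_version field.
            versions["premaster"] = (int(secret.group(1)), int(secret.group(2)))
    return versions


def classify(log_text):
    """Label a trace by which version the premaster secret carries."""
    v = handshake_versions(log_text)
    if None in v.values():
        return "incomplete"
    if v["premaster"] == v["offered"]:
        return "ok"  # matches the ClientHello, as the spec requires
    if v["premaster"] == v["negotiated"]:
        return "premaster-carries-negotiated-version"  # the interop bug
    return "premaster-version-unexpected"


# Abridged from the trace quoted in this thread (mail quoting kept).
SPEC_CONFORMING_LOG = """\
> *** ClientHello, v3.1
> *** ServerHello, v3.1
> *** ClientKeyExchange, RSA PreMasterSecret, v3.1
> Random Secret:  { 3, 1, 53, 55, 115 }
"""

# Constructed sample: client offers 3.1, server picks 3.0, and the client
# writes the negotiated 3.0 into the premaster secret.
BROKEN_CLIENT_LOG = """\
*** ClientHello, v3.1
*** ServerHello, v3.0
*** ClientKeyExchange, RSA PreMasterSecret, v3.0
Random Secret:  { 3, 0, 17, 34, 51 }
"""

if __name__ == "__main__":
    for name, log in (("conforming", SPEC_CONFORMING_LOG),
                      ("broken", BROKEN_CLIENT_LOG)):
        print(name, handshake_versions(log), classify(log))
```

RFC 2246 uses this field to detect version rollback, so a server that relaxes the comparison for compatibility with such clients also gives up that check.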
