Hello,
Yesterday I finally upgraded to openssl 0.9.8d. But in my stunnel process
(using the Openssl libraries), indicating SSLv3, I now get errors, like:
"error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number"
A most elusive error, it seems. Google mentions it a couple of times, but
n
an iptrace
next to see if I can confirm my version. Thanks again!
.
Carlo Agopian
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Marek Marcola
Sent: Saturday, October 14, 2006 10:58 AM
To: openssl-users@openssl.org
Subject: Re: "SSL3_GET_
Hello,
> Thanks for the info. Is it possible that the client is using version 3
> while the server is using some other version? I'm seeing this
> error("error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
> number") in my client and I'm pretty sure that I'm setting the client's
> version t
I am having problems connecting to stunnel and was hoping someone
could help me.
I am trying to getting SSL "wrong version number" errors when I try
to send mail through an SSL proxy called Stunnel to my mail server.
Can anyone tell me what this SSL error means and how I can fix it?
When s
Hello,
> Yesterday I finally upgraded to openssl 0.9.8d. But in my stunnel process
> (using the Openssl libraries), indicating SSLv3, I now get errors, like:
>
> "error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number"
>
> A most elusive error, it seems. Google mentions it a couple of t
Hello,
> The output on the s_client side is as follows;
>
>
> SSL3 alert write:fatal:handshake failure
> 6389:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
> number:s3_pkt.c:288:
This means that client don't want to support received from
server SSL version.
> I am using the -ssl3 fla
On 12/11/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
> It almost seems like the server is accepted SSL3 msgs, but sending out
> another protocol type. Any suggestions?
If you using Linux, can you send ssldump or wireshark dump
of this session.
Here is an ssldump of s_client connecting to my s
On 12/11/06, chris busbey <[EMAIL PROTECTED]> wrote:
On 12/11/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
> > It almost seems like the server is accepted SSL3 msgs, but sending out
> > another protocol type. Any suggestions?
> If you using Linux, can you send ssldump or wireshark dump
> of this
On Mon, Dec 11, 2006 at 10:48:34AM -0600, chris busbey wrote:
> On 12/11/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
> >> It almost seems like the server is accepted SSL3 msgs, but sending out
> >> another protocol type. Any suggestions?
> >If you using Linux, can you send ssldump or wireshark d
On Mon, Dec 11, 2006 at 11:01:22AM -0600, chris busbey wrote:
> On 12/11/06, chris busbey <[EMAIL PROTECTED]> wrote:
> >On 12/11/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
> >> > It almost seems like the server is accepted SSL3 msgs, but sending out
> >> > another protocol type. Any suggestions
> Another trial forcing tls1 on both sides of the connection did not
> result in the above "Length Mismatch" error. Here is the output of
> that trial's ssl dump. Any thoughts?
>
> New TCP connection #67: localhost.localdomain(42489) <->
> localhost.localdomain(5758)
> 67 1 0.0032 (0.0032) C>S
Hello,
> On Mon, Dec 11, 2006 at 10:48:34AM -0600, chris busbey wrote:
>
> > On 12/11/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
> > >> It almost seems like the server is accepted SSL3 msgs, but sending out
> > >> another protocol type. Any suggestions?
> > >If you using Linux, can you send ssl
Hello,
Can you send ssldump with -aAdN options ?
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
__
OpenSSL Project http://www.openssl.org
User Support Mailing Listopenssl-
On 12/11/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
Can you send ssldump with -aAdN options ?
Certainly. (Certificate details have been obfuscated)
New TCP connection #8: localhost.localdomain(48429) <->
localhost.localdomain(5758)
8 1 0.0028 (0.0028) C>S SSLv2 compatible client hello
Ver
Hello,
> On 12/11/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
> > Can you send ssldump with -aAdN options ?
>
> Certainly. (Certificate details have been obfuscated)
>
> New TCP connection #8: localhost.localdomain(48429) <->
> localhost.localdomain(5758)
> 8 1 0.0028 (0.0028) C>S SSLv2 compat
On 12/11/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
This TLS1 looks good, but sorry I've forget xX options,
so output from "ssldump -aAdNxX" should give more information
(SSL packet dump) with ending error.
Hrm... ssldump fails during the handshake with a 'Length Mismatch"
error with the xX
Hello,
> Hrm... ssldump fails during the handshake with a 'Length Mismatch"
> error with the xX options. Here is the output;
>
> New TCP connection #5: localhost.localdomain(53503) <->
> localhost.localdomain(5758)
> 5 1 0.0024 (0.0024) C>S SSLv2 compatible client hello
> Version 3.1
> ciph
A quick update on this issue. After digging through some untouched
code, I discovered that the server was writing data directly to the
port instead of the SSL_SOCK_Stream. Problem solved. Thanks for all
of your help.
On 12/11/06, Marek Marcola <[EMAIL PROTECTED]> wrote:
Hello,
> Hrm... ssldum
James Brown wrote:
[ssmtp]
client = yes
accept = 465
connect = 192.168.1.31:25
Port numbers suggest you're going to setup SSL server
instead of SSL client. Just remove "client = yes" line.
Best regards,
Mike
__
OpenSSL P
On 04/10/2006, at 9:39 PM, Michal Trojnara wrote:
James Brown wrote:
[ssmtp]
client = yes
accept = 465
connect = 192.168.1.31:25
Port numbers suggest you're going to setup SSL server
instead of SSL client. Just remove "client = yes" line.
Best regards,
Mike
Thanks Mike.
I think I wa
20 matches
Mail list logo
