Re: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

Yes client is not able to connect and ssl23_get_client_hello is returning -1 and so its going in 

in s23_srvr.c .

568             if ((type < 1) || (type > 3))

(gdb) n

571                     SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);

(gdb) n

572                     goto err;

The value of type is 0 . i.e which is set default ..

i notice that the SSL passed to sl23_get_client_hello has value of packet as 0.

(gdb) print p

$10 = (unsigned char *) 0x403390b0 "[Security]\n\250"

(gdb) print *p[0]

$12 = 0

(gdb) print *p[1]

$13 = 0

(gdb) print *p[2]

$14 = 0

(gdb) print *p[3]

$15 = 0

(gdb) print *p[11]

$16 = 0

Any suggestion what i should be looking at .. 

Any suggestion how do i reproduce this with openssl sample , i.e s_client and s_server ?

Thanks

Anil

On Thu, Jun 18, 2009 at 10:45 AM, David Schwartz <davids@...> wrote:

Anil Tambe wrote:

> Getting the Below error :

> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> As of now i am not able to reproduce the issue in stand alone openssl,
> this is coming from the parent application which is consuming openssl.

What is the problem? Are clients unable to connect? Seeing this error in a
log is perfectly normal and doesn't necessarily indicate any problem. This
generally indicates a protocol mismatch on the two sides of a connection,
which can occur very commonly on the Internet.

For example, if someone types "http://www.example.com:4040/" instead of
"https://www.example.com:4040/" one side will be speaking SSL and one side
won't. Odds are the SSL-speaking side will find some SSL protocol violation,
since the other side isn't speaking SSL at all.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...