SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol


SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

by Anil Tambe

Hi,

Operating System : HP-UX PA32

openssl - 0.9.8k


Getting the below error:

error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

As of now I am not able to reproduce the issue in standalone openssl; this is coming from the parent application which is consuming openssl.

We will try to post more detailed information; till then, does anybody have any idea about it? Has anybody encountered the issue? This is observed only on HP-UX 11 11 PA machine.
 
Thanks
Anil






RE: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

by JoelKatz


Anil Tambe wrote:

> Getting the Below error :

> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> As of now i am not able to reproduce the issue in stand alone openssl,
> this is coming from the parent application which is consuming openssl.

What is the problem? Are clients unable to connect? Seeing this error in a
log is perfectly normal and doesn't necessarily indicate any problem. This
generally indicates a protocol mismatch on the two sides of a connection,
which can occur very commonly on the Internet.

For example, if someone types "http://www.example.com:4040/" instead of
"https://www.example.com:4040/" one side will be speaking SSL and one side
won't. Odds are the SSL-speaking side will find some SSL protocol violation,
since the other side isn't speaking SSL at all.

DS


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...

Re: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

by Anil Tambe

Yes, the client is not able to connect, and ssl23_get_client_hello is returning -1, and so it's going in s23_srvr.c:


568             if ((type < 1) || (type > 3))
(gdb) n
571                     SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
(gdb) n
572                     goto err;

The value of type is 0, i.e. the default it is set to.

I notice that the SSL passed to ssl23_get_client_hello has value of packet as 0.

(gdb) print p
$10 = (unsigned char *) 0x403390b0 "[Security]\n\250"
(gdb) print *p[0]
$12 = 0
(gdb) print *p[1]
$13 = 0
(gdb) print *p[2]
$14 = 0
(gdb) print *p[3]
$15 = 0
(gdb) print *p[11]
$16 = 0

Any suggestion what I should be looking at?
Any suggestion how I can reproduce this with the openssl samples, i.e. s_client and s_server?

Thanks
Anil



Re: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

by Anil Tambe

I guess in my case the server is not able to understand the client hello message.

Any thoughts? How do I debug it more?





Re: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

by Anil Tambe

Hi all,

More debugging on the server side suggests that the problem is with the packet that is sent to the ssl23_get_client_hello method:

264                     p=s->packet;
(gdb) n
266                     memcpy(buf,p,n);
(gdb) print p
$6 = (unsigned char *) 0x4033bc00 "[Security]\n\370"

Here p[x] doesn't have any numeric values, and so p doesn't match any of the conditions of ssl2, ssl3 or tls1; it returns unknown protocol.

Any thoughts?

Thanks
Anil





Re: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

by wolfoftheair

Your server is requiring something akin to a STARTTLS, is my guess.
Try telnetting to it and figuring out what it says before it expects
the ClientHello.

-Kyle H


Re: SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

by Anil Tambe

Below is the trace:


(gdb) bt
#0  sock_read (b=0x401a5880, out=0x40342820 "[Security]\n", outl=11) at bss_sock.c:143
#1  0xa30bf4 in BIO_read (b=0x401a5880, out=0x40342820, outl=11) at bio_lib.c:212
#2  0xa0cc1c in ssl23_read_bytes (s=0x4015e0b0, n=11) at s23_pkt.c:105
#3  0x9f0094 in ssl23_get_client_hello (s=0x4015e0b0) at s23_srvr.c:261
#4  0x9efec4 in ssl23_accept (s=0x4015e0b0) at s23_srvr.c:203
#5  0x9f5310 in SSL_accept (s=0x4015e0b0) at ssl_lib.c:869

Plain text is set on the out parameter by ret=readsocket(b->num,out,outl);

It seems the client is sending plain text.


Thanks
Anil

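The thread's diagnosis (the server read 11 bytes of plain text where it expected a ClientHello) can be checked mechanically from a captured buffer. The following is an added example, not part of the original posts and not OpenSSL's s23_srvr.c source: a simplified classifier for the first 11 bytes a listener receives. The function names, enum values and sample buffers are constructed for illustration; only the "[Security]\n" sample mirrors the buffer shown in the gdb output above.

```c
/* Added example: triage the first bytes an SSL/TLS listener received. */
#include <stdio.h>
#include <string.h>

#define PEEK_LEN 11 /* the backtrace shows ssl23_read_bytes(s, n=11) */

enum hello_kind { HELLO_SHORT, HELLO_SSL2, HELLO_SSL3_TLS,
                  HELLO_HTTP, HELLO_TEXT, HELLO_UNKNOWN };

/* Constructed samples; SAMPLE_TEXT matches the buffer seen in gdb. */
static const unsigned char SAMPLE_TEXT[] = "[Security]\n";
static const unsigned char SAMPLE_HTTP[] = "GET / HTTP/1.0\r\n";
static const unsigned char SAMPLE_TLS[]  = {0x16,0x03,0x01,0x00,0x2f,0x01,0x00,0x00,0x2b,0x03,0x01};
static const unsigned char SAMPLE_SSL2[] = {0x80,0x2e,0x01,0x03,0x01,0x00,0x15,0x00,0x00,0x00,0x10};

enum hello_kind classify_first_bytes(const unsigned char *p, size_t n)
{
    size_t i;
    if (n < PEEK_LEN)
        return HELLO_SHORT;
    /* SSLv2-format record: high bit of length set, message type 1 (ClientHello) */
    if ((p[0] & 0x80) && p[2] == 0x01)
        return HELLO_SSL2;
    /* SSLv3/TLS record: content type 0x16 (handshake), major version 3,
     * handshake type 1 (ClientHello) at offset 5 */
    if (p[0] == 0x16 && p[1] == 0x03 && p[5] == 0x01)
        return HELLO_SSL3_TLS;
    /* A client that typed http:// instead of https:// */
    if (!memcmp(p, "GET ", 4) || !memcmp(p, "POST ", 5) ||
        !memcmp(p, "HEAD ", 5) || !memcmp(p, "PUT ", 4))
        return HELLO_HTTP;
    /* Other printable data: the peer is speaking an application protocol in clear */
    for (i = 0; i < PEEK_LEN; i++)
        if (!((p[i] >= 0x20 && p[i] < 0x7f) || p[i] == '\n' || p[i] == '\r' || p[i] == '\t'))
            return HELLO_UNKNOWN;
    return HELLO_TEXT;
}

const char *hello_kind_name(enum hello_kind k)
{
    static const char *names[] = { "too short", "SSLv2 ClientHello",
        "SSLv3/TLS ClientHello", "plaintext HTTP request",
        "plaintext application data", "unrecognised binary" };
    return names[k];
}

int main(void)
{
    printf("%s\n", hello_kind_name(classify_first_bytes(SAMPLE_TEXT, 11)));
    printf("%s\n", hello_kind_name(classify_first_bytes(SAMPLE_HTTP, 16)));
    printf("%s\n", hello_kind_name(classify_first_bytes(SAMPLE_TLS, 11)));
    printf("%s\n", hello_kind_name(classify_first_bytes(SAMPLE_SSL2, 11)));
    return 0;
}
```

A "plaintext application data" result on a port that should only carry TLS points at the client side: it is writing application data before the handshake, or it expects a STARTTLS-style upgrade that the server does not perform.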