SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
Anil Tambe
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
hi,
Operating System : HP-UX PA32
openssl - 0.9.8k
Getting the Below error :
error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
As of now i am not able to reproduce the issue in stand alone openssl
, this is coming from the parent application which is consuming
openssl.
We try to post more detail information , till then .. does anybody
have any idea about it ? has anybody encounter the issue ? This is
observed only on HP-UX 11 11 PA machine.
Thanks
Anil
--00163646c960dc538e046c981e10
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
hi,<div><br><div>Operating System : HP-UX PA32</div><div><br></div><div>ope=
nssl - 0.9.8k</div><div><br></div><div><br></div><div>Getting the Below err=
or :</div><div><br></div><div><span class=3D"Apple-style-span" style=3D"fon=
t-family: -webkit-monospace; font-size: 12px; white-space: pre; ">error:140=
760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol</span></div>
<div><span class=3D"Apple-style-span" style=3D"font-family: Verdana; font-s=
ize: 12px; "><pre>As of now i am not able to reproduce the issue in stand a=
lone openssl , this is coming from the parent application which is consumin=
g openssl.</pre>
<pre><br></pre><pre>We try to post more detail information , till then .. d=
oes anybody have any idea about it ? has anybody encounter the issue ? This=
is observed only on HP-UX 11 11 PA machine.</pre><pre> </pre><pre>Thanks</=
pre>
<pre>Anil</pre><pre><br></pre></span></div><div><br></div><div><br></div><d=
iv><br></div><div><br></div></div>
--00163646c960dc538e046c981e10--
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org
David Schwartz
Anil Tambe wrote:
> Getting the Below error :
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> As of now i am not able to reproduce the issue in stand alone openssl,
> this is coming from the parent application which is consuming openssl.
What is the problem? Are clients unable to connect? Seeing this error in a
log is perfectly normal and doesn't necessarily indicate any problem. This
generally indicates a protocol mismatch on the two sides of a connection,
which can occur very commonly on the Internet.
For example, if someone types "http://www.example.com:4040/" instead of
"https://www.example.com:4040/" one side will be speaking SSL and one side
won't. Odds are the SSL-speaking side will find some SSL protocol violation,
since the other side isn't speaking SSL at all.
DS
Anil Tambe
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Yes client is not able to connect and ssl23_get_client_hello is returning -1
and so its going in
in s23_srvr.c .
568 if ((type < 1) || (type > 3))
(gdb) n
571
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
(gdb) n
572 goto err;
The value of type is 0 . i.e which is set default ..
i notice that the SSL passed to sl23_get_client_hello has value of packet as
0.
(gdb) print p
$10 = (unsigned char *) 0x403390b0 "[Security]\n\250"
(gdb) print *p[0]
$12 = 0
(gdb) print *p[1]
$13 = 0
(gdb) print *p[2]
$14 = 0
(gdb) print *p[3]
$15 = 0
(gdb) print *p[11]
$16 = 0
Any suggestion what i should be looking at ..
Any suggestion how do i reproduce this with openssl sample , i.e s_client
and s_server ?
Thanks
Anil
--00163646c960acf560046c9c1a28
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Yes client is not able to connect and=A0ssl23_get_client_hello is returning=
-1 and so its going in=A0<div><br></div><div>in=A0s23_srvr.c .</div><div><=
br></div><div><br></div><div><div>568 =A0 =A0 =A0 =A0 =A0 =A0 if ((type <=
; 1) || (type > 3))</div>
<div>(gdb) n</div><div>571 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 SSLerr(S=
SL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);</div><div>(gdb) n</div=
><div>572 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 goto err;</div><div><br><=
/div><div>The value of type is 0 . i.e which is set default ..</div>
<div><br>i notice that the SSL passed to=A0sl23_get_client_hello has value =
of packet as 0.</div><div><br></div><div><div>(gdb) print p</div><div>$10 =
=3D (unsigned char *) 0x403390b0 "[Security]\n\250"</div><div>(gd=
b) print *p[0]</div>
<div>$12 =3D 0</div><div>(gdb) print *p[1]</div><div>$13 =3D 0</div><div>(g=
db) print *p[2]</div><div>$14 =3D 0</div><div>(gdb) print *p[3]</div><div>$=
15 =3D 0</div><div>(gdb) print *p[11]</div><div>$16 =3D 0</div><div><br></d=
iv></div>
<div>Any suggestion what i should be looking at ..=A0</div><div>Any suggest=
ion how do i reproduce this with openssl sample , i.e s_client and s_server=
?</div><div><br></div><div>Thanks<br></div><div>Anil</div><div><br></div>
<div class=3D"gmail_quote">On Thu, Jun 18, 2009 at 10:45 AM, David Schwartz=
<span dir=3D"ltr"><<a href=3D"mailto:dav...@webmaster.com">davids@webma=
ster.com</a>></span> wrote:<br><blockquote class=3D"gmail_quote" style=
=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class=3D"im"><br>
Anil Tambe wrote:<br>
<br>
> Getting the Below error :<br>
<br>
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol<br=
>
> As of now i am not able to reproduce the issue in stand alone openssl,=
<br>
> this is coming from the parent application which is consuming openssl.=
<br>
<br>
</div>What is the problem? Are clients unable to connect? Seeing this error=
in a<br>
log is perfectly normal and doesn't necessarily indicate any problem. T=
his<br>
generally indicates a protocol mismatch on the two sides of a connection,<b=
r>
which can occur very commonly on the Internet.<br>
<br>
For example, if someone types "<a href=3D"http://www.example.com:4040/=
" target=3D"_blank">http://www.example.com:4040/</a>" instead of<br>
"<a href=3D"https://www.example.com:4040/" target=3D"_blank">https://w=
ww.example.com:4040/</a>" one side will be speaking SSL and one side<b=
r>
won't. Odds are the SSL-speaking side will find some SSL protocol viola=
tion,<br>
since the other side isn't speaking SSL at all.<br>
<br>
DS<br>
<br>
<br>
______________________________________________________________________<br>
OpenSSL Project =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
=A0 <a href=3D"http://www.openssl.org" target=3D"_blank">http://www.openss=
l.org</a><br>
User Support Mailing List =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0<a href=3D=
"mailto:openss...@openssl.org">openss...@openssl.org</a><br>
Automated List Manager =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
<a href=3D"mailto:majo...@openssl.org">majo...@openssl.org</a><br>
</blockquote></div><br></div>
--00163646c960acf560046c9c1a28--
Anil Tambe
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
i guess in my case , server is not able to understand the client hello
message ..
any thoughts ? how do i debug it more ..
--00163646d5666939eb046d1a26a1
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
i guess in my case , server is not able to understand the client hello mess=
age ..=A0<div><br></div><div>any thoughts ? how do i debug it more ..</div>=
<div><br></div><div><br><div class=3D"gmail_quote">On Thu, Jun 18, 2009 at =
3:03 PM, Anil Tambe <span dir=3D"ltr"><<a href=3D"mailto:tambe.anil@gmai=
l.com">tambe...@gmail.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex;">Yes client is not able to connect and=A0ssl=
23_get_client_hello is returning -1 and so its going in=A0<div><br></div><d=
iv>in=A0s23_srvr.c .</div>
<div><br></div><div><br></div><div><div>568 =A0 =A0 =A0 =A0 =A0 =A0 if ((ty=
pe < 1) || (type > 3))</div>
<div>(gdb) n</div><div>571 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 SSLerr(S=
SL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);</div><div>(gdb) n</div=
><div>572 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 goto err;</div><div><br><=
/div><div>The value of type is 0 . i.e which is set default ..</div>
<div><br>i notice that the SSL passed to=A0sl23_get_client_hello has value =
of packet as 0.</div><div><br></div><div><div>(gdb) print p</div><div>$10 =
=3D (unsigned char *) 0x403390b0 "[Security]\n\250"</div><div>(gd=
b) print *p[0]</div>
<div>$12 =3D 0</div><div>(gdb) print *p[1]</div><div>$13 =3D 0</div><div>(g=
db) print *p[2]</div><div>$14 =3D 0</div><div>(gdb) print *p[3]</div><div>$=
15 =3D 0</div><div>(gdb) print *p[11]</div><div>$16 =3D 0</div><div><br></d=
iv></div>
<div>Any suggestion what i should be looking at ..=A0</div><div>Any suggest=
ion how do i reproduce this with openssl sample , i.e s_client and s_server=
?</div><div><br></div><div>Thanks<br></div><font color=3D"#888888"><div>An=
il</div>
</font><div><div></div><div class=3D"h5"><div><br></div>
<div class=3D"gmail_quote">On Thu, Jun 18, 2009 at 10:45 AM, David Schwartz=
<span dir=3D"ltr"><<a href=3D"mailto:dav...@webmaster.com" target=3D"_b=
lank">dav...@webmaster.com</a>></span> wrote:<br><blockquote class=3D"gm=
ail_quote" style=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-le=
ft:1ex">
<div><br>
"mailto:openss...@openssl.org" target=3D"_blank">openssl-users@openssl.=
org</a><br>
Automated List Manager =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
<a href=3D"mailto:majo...@openssl.org" target=3D"_blank">majordomo@openss=
l.org</a><br>
</blockquote></div><br></div></div></div>
</blockquote></div><br></div>
--00163646d5666939eb046d1a26a1--
Anil Tambe
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
hi all,
More debug on server side suggests that the problem is with the packet that
is send to the ssl23_get_client_hello method
264 p=s->packet;
(gdb) n
266 memcpy(buf,p,n);
(gdb) print p
$6 = (unsigned char *) 0x4033bc00 "[Security]\n\370"
here p[x] doesnt have any numeric values , and so p doesnt match any of
the condition of ssl2 , ssl3 or tls1 , it returns unknown protocol.
Any thoughts ?
Thanks
Anil
--001485f33a187854ba046d2e0ae4
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
hi all,<p class=3D"MsoNormal"><font face=3D"Arial" color=3D"navy" size=3D"2=
"><span style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">More deb=
ug on server side suggests that the problem is with the packet that is=20
send to=A0the=20
ssl23_get_client_hello method=A0</span></font></p>
<p class=3D"MsoNormal"><font face=3D"Arial" color=3D"navy" size=3D"2"><span=
style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">=A0=A0=A0<span =
class=3D"Apple-style-span" style=3D"color: rgb(0, 0, 0); font-family: arial=
; ">264 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 p=3Ds->packet;</span></s=
pan></font></p>
<div><div><div>=A0(gdb) n</div><div>=A0=A0 266 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 memcpy(buf,p,n);</div><div>=A0=A0 (gdb) print p</div><div>=A0=
=A0 $6 =3D (unsigned char *) 0x4033bc00 "[Security]\n\370"</div><=
div><br></div><div>=A0=A0 <span class=3D"Apple-tab-span" style=3D"white-spa=
ce:pre"> </span>here p[x] doesnt have any numeric values , and so p doesnt =
match any of the condition of ssl2 , ssl3 or tls1 , it returns unknown prot=
ocol.=A0</div>
<div>=A0=A0=A0</div><div>=A0=A0 =A0 =A0 =A0 =A0 =A0Any thoughts ?<span clas=
s=3D"Apple-tab-span" style=3D"white-space:pre"> </span></div><div><br>Thank=
s</div><div>Anil</div><br><div class=3D"gmail_quote">On Wed, Jun 24, 2009 a=
t 9:26 PM, Anil Tambe <span dir=3D"ltr"><<a href=3D"mailto:tambe.anil@gm=
ail.com">tambe...@gmail.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex;">i guess in my case , server is not able to =
understand the client hello message ..=A0<div><br></div><div>any thoughts ?=
how do i debug it more ..</div>
<div><div></div><div class=3D"h5"><div><br></div><div><br><div class=3D"gma=
il_quote">On Thu, Jun 18, 2009 at 3:03 PM, Anil Tambe <span dir=3D"ltr"><=
;<a href=3D"mailto:tambe...@gmail.com" target=3D"_blank">tambe.anil@gmail=
.com</a>></span> wrote:<br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">Yes client is not able to connect and=A0ssl2=
3_get_client_hello is returning -1 and so its going in=A0<div><br></div><di=
v>in=A0s23_srvr.c .</div>
<div><br></div><div><br></div><div><div>568 =A0 =A0 =A0 =A0 =A0 =A0 if ((ty=
pe < 1) || (type > 3))</div>
<div>(gdb) n</div><div>571 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 SSLerr(S=
SL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);</div><div>(gdb) n</div=
><div>572 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 goto err;</div><div><br><=
/div><div>The value of type is 0 . i.e which is set default ..</div>
<div><br>i notice that the SSL passed to=A0sl23_get_client_hello has value =
of packet as 0.</div><div><br></div><div><div>(gdb) print p</div><div>$10 =
=3D (unsigned char *) 0x403390b0 "[Security]\n\250"</div><div>(gd=
b) print *p[0]</div>
<div>$12 =3D 0</div><div>(gdb) print *p[1]</div><div>$13 =3D 0</div><div>(g=
db) print *p[2]</div><div>$14 =3D 0</div><div>(gdb) print *p[3]</div><div>$=
15 =3D 0</div><div>(gdb) print *p[11]</div><div>$16 =3D 0</div><div><br></d=
iv></div>
<div>Any suggestion what i should be looking at ..=A0</div><div>Any suggest=
ion how do i reproduce this with openssl sample , i.e s_client and s_server=
?</div><div><br></div><div>Thanks<br></div><font color=3D"#888888"><div>An=
il</div>
</font><div><div></div><div><div><br></div>
</div></div></blockquote></div><br></div></div>
--001485f33a187854ba046d2e0ae4--
Kyle Hamilton
Try telnetting to it and figuring out what it says before it expects
the ClientHello.
-Kyle H
On Thu, Jun 25, 2009 at 8:40 AM, Anil Tambe<tambe...@gmail.com> wrote:
> hi all,
>
> More debug on server side suggests that the problem is with the packet th=
at
> is send to=C2=A0the ssl23_get_client_hello method
>
> =C2=A0=C2=A0=C2=A0264 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 p=3Ds->packet;
>
> =C2=A0(gdb) n
> =C2=A0=C2=A0 266 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 memcpy(buf,p,n);
> =C2=A0=C2=A0 (gdb) print p
> =C2=A0=C2=A0 $6 =3D (unsigned char *) 0x4033bc00 "[Security]\n\370"
> =C2=A0=C2=A0 here p[x] doesnt have any numeric values , and so p doesnt m=
atch any of
> the condition of ssl2 , ssl3 or tls1 , it returns unknown protocol.
>
> =C2=A0=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0Any thoughts ?
> Thanks
> Anil
> On Wed, Jun 24, 2009 at 9:26 PM, Anil Tambe <tambe...@gmail.com> wrote:
>>
>> i guess in my case , server is not able to understand the client hello
>> message ..
>> any thoughts ? how do i debug it more ..
>>
>> On Thu, Jun 18, 2009 at 3:03 PM, Anil Tambe <tambe...@gmail.com> wrote=
:
>>>
>>> Yes client is not able to connect and=C2=A0ssl23_get_client_hello is re=
turning
>>> -1 and so its going in
>>> in=C2=A0s23_srvr.c .
>>>
>>> 568 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 if ((type < 1) || (type >=
3))
>>> (gdb) n
>>> 571
>>> SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNKNOWN_PROTOCOL);
>>> (gdb) n
>>> 572 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 goto err;
>>> The value of type is 0 . i.e which is set default ..
>>> i notice that the SSL passed to=C2=A0sl23_get_client_hello has value of=
packet
>>> as 0.
>>> (gdb) print p
>>> $10 =3D (unsigned char *) 0x403390b0 "[Security]\n\250"
>>> (gdb) print *p[0]
>>> $12 =3D 0
>>> (gdb) print *p[1]
>>> $13 =3D 0
>>> (gdb) print *p[2]
>>> $14 =3D 0
>>> (gdb) print *p[3]
>>> $15 =3D 0
>>> (gdb) print *p[11]
>>> $16 =3D 0
>>> Any suggestion what i should be looking at ..
>>> Any suggestion how do i reproduce this with openssl sample , i.e s_clie=
nt
>>> and s_server ?
>>> Thanks
>>> Anil
>>> On Thu, Jun 18, 2009 at 10:45 AM, David Schwartz <dav...@webmaster.com>
>>> wrote:
>>>>
>>>> Anil Tambe wrote:
>>>>
>>>> > Getting the Below error :
>>>>
>>>> > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
>>>> > As of now i am not able to reproduce the issue in stand alone openss=
l,
>>>> > this is coming from the parent application which is consuming openss=
l.
>>>>
>>>> What is the problem? Are clients unable to connect? Seeing this error =
in
>>>> a
>>>> log is perfectly normal and doesn't necessarily indicate any problem.
>>>> This
>>>> generally indicates a protocol mismatch on the two sides of a
>>>> connection,
>>>> which can occur very commonly on the Internet.
>>>>
>>>> For example, if someone types "http://www.example.com:4040/" instead o=
f
>>>> "https://www.example.com:4040/" one side will be speaking SSL and one
>>>> side
>>>> won't. Odds are the SSL-speaking side will find some SSL protocol
>>>> violation,
>>>> since the other side isn't speaking SSL at all.
>>>>
>>>> DS
>>>>
>>>>
>>>> ______________________________________________________________________
>>>> OpenSSL Project =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 http://www.open=
ssl.org
>>>> User Support Mailing List =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =
=C2=A0 =C2=A0 =C2=A0 =C2=A0opens...@openssl.org
>>>> Automated List Manager =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=
=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 majo...@openssl.org