Hi,
I have a setup where the handshake between openssl server and client
fails at times but not always. And when it does, the client keeps
retrying and all of the trials fail. The only way to recover is to restart the
server. Currently, on the server side, the openssl version that I have installed is 1.0.1m.
On the server side application, I have set the following options:
pCtx = SSL_CTX_new(SSLv23_server_method());
SSL_CTX_set_options(pCtx, SSL_OP_NO_SSLv2);
SSL_CTX_set_options(pCtx, SSL_OP_NO_SSLv3);
SSL_CTX_set_options(pCtx, SSL_OP_NO_TLSv1);
InfoCB
HANDSHAKE_START(time:5093879) undefined: before/accept initialization
InfoCB
SSL_accept:before/accept initialization
InfoCB
SSL3 alert write:fatal:internal error
PrintCB
error:1408A044:SSL routines:SSL3_GET_CLIENT_
InfoCB
SSL_accept:error in SSLv3 read client hello C
InfoCB
SSL_accept:error in SSLv3 read client hello C
------------------------------
    /*
     * Check if we want to use external pre-shared secret for this handshake
     * for not reused session only. We need to generate server_random before
     * calling tls_session_secret_cb in order to allow SessionTicket
     * processing to use it in key derivation.
     */
    {
        unsigned char *pos;
        pos = s->s3->server_random;
        if (ssl_fill_hello_random(s, 1, pos, SSL3_RANDOM_SIZE) <= 0) {
#ifdef USER_EXTENSIONS
            SSLerr(SSL_F_SSL3_GET_CLIENT_
#endif // USER_EXTENSIONS
            goto f_err;
        }
    }
------------------------------
Note, I have edited the SSL library to include this USER_EXTENSIONS section, so that I could confirm where exactly this issue is happening in the library.
Any pointers on addressing this issue will be a big help.
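
Added example, not part of the original post and not OpenSSL code: a small decoder for the packed error code on the PrintCB line above, using the OpenSSL 1.0.x layout (8-bit library, 12-bit function, 12-bit reason). The names `ossl_err`, `decode_err_line` and `reason_name` are hypothetical helpers; the numeric constants are taken from OpenSSL 1.0.x `err.h`.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Packed OpenSSL 1.0.x error code (ERR_PACK in err.h): bits 31..24 library,
 * bits 23..12 function, bits 11..0 reason. The type and function names in
 * this file are hypothetical helpers for the example, not OpenSSL API. */
struct ossl_err {
    unsigned lib, func, reason;
    int fatal;                  /* reason has the ERR_R_FATAL bit (64) set */
};

/* Parse "error:XXXXXXXX:..." as printed by ERR_error_string(). Text after the
 * hex code is ignored, so a truncated line still decodes. 0 = ok, -1 = no match. */
int decode_err_line(const char *line, struct ossl_err *out)
{
    const char *p = strstr(line, "error:");
    char *end;
    unsigned long code;
    if (p == NULL)
        return -1;
    p += strlen("error:");
    code = strtoul(p, &end, 16);
    if (end == p || end - p > 8 || (*end != ':' && *end != '\0'))
        return -1;
    out->lib    = (unsigned)((code >> 24) & 0xff);   /* 20 is ERR_LIB_SSL */
    out->func   = (unsigned)((code >> 12) & 0xfff);  /* SSL_F_* number */
    out->reason = (unsigned)(code & 0xfff);
    out->fatal  = (out->reason & 64) != 0;
    return 0;
}

/* Generic reason codes shared by all libraries (values from err.h). */
const char *reason_name(unsigned reason)
{
    switch (reason) {
    case 65: return "ERR_R_MALLOC_FAILURE";
    case 68: return "ERR_R_INTERNAL_ERROR";
    default: return "library-specific or other";
    }
}

int main(void)
{
    struct ossl_err e;  /* input: the PrintCB line from the log, as posted */
    if (decode_err_line("error:1408A044:SSL routines:SSL3_GET_CLIENT_", &e) == 0)
        printf("lib=%u func=%u reason=%u (%s) fatal=%d\n",
               e.lib, e.func, e.reason, reason_name(e.reason), e.fatal);
    return 0;
}
```

The decoded reason is the generic internal error, which matches the `fatal:internal error` alert in the log and carries no detail beyond it; the function field is what ties the entry to the edited code path.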