----- Mail original ----- > De: "Matt Caswell" <matt@xxxxxxxxxxx> > À: "openssl-users" <openssl-users@xxxxxxxxxxx> > Envoyé: Mardi 16 Janvier 2018 14:57:28 > Objet: Re: Multiple reconnection in OpenSSL 1.1.0 > On 16/01/18 13:35, Huy Cong Vu wrote: >> Thanks for the advice, I got these as error: >> 1408F10B:SSL routines:ssl3_get_record:wrong version >> number:ssl/record/ssl3_record.c:210 >> 1408F119:SSL routines:ssl3_get_record:decryption failed or bad record >> mac:ssl/record/ssl3_record.c:375 >> >> Does it means my configuration is not correct, or not synchronized between >> client and server? > > It means the data OpenSSL is trying to read looks incorrectly formatted. > This should never normally happen with two correctly working endpoints. > The first error will normally immediately result in an alert being sent > and the function call failing - meaning that you'd never get to hit the > second error. I can't see a way of getting both those errors in a single > function call - which might suggest some earlier function call has > failed and the error message is still on the error queue when you call > SSL_read(). They are not generated in a single function call. Sorry, I wans't clear. Like I said, I have a main loop of server that receive requests (once at a time) from the same client. The 1st connection is correct, as always, and all the later connections give one of these 2 errors. > > A couple of things to try: > > - Try calling ERR_print_errors_fp() *before* the call to SSL_read() as > well, to verify there are no errors already in the queue > - A wireshark trace of the communication between the two endpoints might > be helpful to figure out what is going wrong ERR_print_errors_fp() before call of SSL_read returns nothing, which should be a good new... By browsing Wireshark, I jump into a suspect packet from client that contains a RST flags after 1st connection: 797 61.057009 192.168.1.4 192.168.1.121 TCP 54 63862 → 8042 [RST, ACK] Seq=3969 Ack=4619 Win=0 Len=0 Does this help? > > Matt > > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users Huy-Cong VU Platform hardware member Network administrator Wandercraft 09 72 58 77 03 -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
