Re: Reg issue in alert message

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 22/10/2018 14:56, ramakrushna mishra wrote:
> Hi,
> 
> I am facing an issue after openssl upgrade to 1.1.1. 
> I have a odbc client with maximum version support up to TLSv1.2 and  my
> database is running with TLSv1.2,TLsv1.3. 
> 
> The handhake is failing and I am getting following contents on my BIO dump. 
> "15 03 03 00 02 02 56" . 
> If i have understood correctly this is for alert message and But I could
> not find any reference to alert description at (
> https://tools.ietf.org/id/draft-ietf-tls-tls13-25.html#alert-protocol ) 
> corresponding to 56. 

56 hex == 86 decimal == inappropriate_fallback

i.e. this doesn't tell you any further information than you have below.

> 
> So, Could you please help me figure out what does this correspond to ? 
> 
> Moreover I have following doubt. 
> 
> -- If my TLSv1.2 client does not handle the  "downgrade sentinel "
> present in server hello ( TLSv1.3 , will it create any problem ? 

No, this should not be a problem.

> -- In the above example client is receving error such as "SSL Handshake
> Failure reason [error:1407743E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1
> alert inappropriate fallback]." ? Could you please help me to hint me
> about how to debug this ?

What version of OpenSSL are you using for the client?

Is it possible for you to send me a wireshark trace of the failing
handshake?

In particular I am interested to see if the TLS_FALLBACK_SCSV
ciphersuite is present in the ClientHello (RFC 7507). The
TLS_FALLBACK_SCSV is only supposed to be sent if the client has already
attempted an earlier handshake that failed, and it is now trying a
downgraded protocol version. So, does the wireshark trace reveal the
client attempting an initial handshake that is failing for some other
reason, followed by a second attempt that fails with the inappropriate
fallback error?


Matt
-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux