Re: Help with TLS call on openssl3


On 24/01/2022 12:58, Srinivas, Saketh (c) wrote:
> Hi,
>
> I am using Openssl3. While running a TLS call, the call connected successfully, but at the end of the call I got the error message:
>
> SSL3 alert write:fatal:decode error
>   SSL error (a000126): unexpected eof while reading

This is a new error message introduced into OpenSSL 3.0. It means that the peer disconnected without first sending a shutdown message.

In OpenSSL 1.x this would be reported by SSL_get_error() as SSL_ERROR_SYSCALL but with errno set to 0. The 1.x behaviour was considered a bug - however fixing it in the 1.x tree caused some applications that relied on the old behaviour to break - so the fix was reverted there. The fixed behaviour was kept in the 3.0 tree. This error is now reported by SSL_get_error() as SSL_ERROR_SSL.

Applications may choose to use the new option SSL_OP_IGNORE_UNEXPECTED_EOF:

https://www.openssl.org/docs/man3.0/man3/SSL_CTX_set_options.html

This will cause an unexpected EOF to be treated as if a shutdown has been received. Note: this should be used with caution since it could lead to a truncation attack.

Matt

>   ERROR on SSL_read err=1 flag=0
>   Initiating SSL shutdown
>
> I think there is some issue while disconnecting the session. When I tried with openssl1 it did not throw the error. I am testing with sipp.
>
> In Wireshark I can see sipp sending TCP-FIN-ACK and openssl3 responded with TCP-PSH-ACK. Whereas in the openssl1 case it responded with a TCP message "encrypted alert".
>
> I think there is some issue with closing the TLS connection in openssl3.
>
> Can someone help me understand why?
>
> Thanks,
> Saketh.
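
An added example, not part of the original thread and not OpenSSL code: the caution about SSL_OP_IGNORE_UNEXPECTED_EOF means an application that sets it has to establish for itself that nothing was cut off. The C code below does that with Content-Length framing, as used by SIP over TLS (the protocol sipp speaks); `tls_end`, `accept_message` and the sample message are constructed for illustration, and the compact `l:` header form is not handled.

```c
#include <ctype.h>
#include <string.h>

/* How the read loop saw the connection end (names are this example's own). */
enum tls_end { END_CLOSE_NOTIFY, END_UNEXPECTED_EOF };

/* Case-insensitive: do the n bytes at s start with the lower-case prefix? */
static int has_prefix_ci(const char *s, size_t n, const char *prefix)
{
    for (size_t i = 0; prefix[i] != '\0'; i++)
        if (i >= n || tolower((unsigned char)s[i]) != prefix[i]) return 0;
    return 1;
}

/* 1 only if buf is a whole header block plus exactly Content-Length body bytes. */
static int framed_message_complete(const char *buf, size_t len)
{
    size_t hdr_len = 0;                      /* bytes before the blank line */
    while (hdr_len + 4 <= len && memcmp(buf + hdr_len, "\r\n\r\n", 4) != 0)
        hdr_len++;
    if (hdr_len + 4 > len) return 0;         /* cut off inside the headers */
    for (size_t pos = 0, eol = 0; pos < hdr_len; pos = eol + 2) {
        for (eol = pos; eol < hdr_len && buf[eol] != '\r'; eol++) {}
        if (!has_prefix_ci(buf + pos, eol - pos, "content-length:")) continue;
        size_t p = pos + 15, want = 0;
        while (p < eol && (buf[p] == ' ' || buf[p] == '\t')) p++;
        if (p == eol) return 0;              /* header present but empty */
        for (; p < eol; p++) {
            if (!isdigit((unsigned char)buf[p]) || want > 1000000) return 0;
            want = want * 10 + (size_t)(buf[p] - '0');
        }
        return want == len - (hdr_len + 4);  /* short body means truncation */
    }
    return 0;                                /* no length: cannot prove it */
}

/* After close_notify the end of data is authenticated; after an unexpected
 * EOF (an unauthenticated TCP FIN) only the framing can vouch for it. */
int accept_message(enum tls_end how, const char *buf, size_t len)
{
    return how == END_CLOSE_NOTIFY || framed_message_complete(buf, len);
}

/* Constructed sample message; the body is 26 bytes long. */
const char SAMPLE[] = "MESSAGE sip:ops@example.invalid SIP/2.0\r\n"
                      "Content-Length: 26\r\n\r\nallow 10.0.0.0/8; deny all";

/* Exit status 0: the copy cut 10 bytes short is rejected. */
int main(void) { return accept_message(END_UNEXPECTED_EOF, SAMPLE, sizeof SAMPLE - 11); }
```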
