I run into the following issue when I use openssl 1.0.2k (amazon linux2) to check the connection.
[ec2-user@ip-172-31-29-28 ~]$ openssl s_client -connect data.reversinglabs.com:443 -tls1_2
CONNECTED(00000003)
139994515941280:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1652817101
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
CONNECTED(00000003)
139994515941280:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:365:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
Start Time: 1652817101
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---
[ec2-user@ip-172-31-29-28 ~]$ openssl version
OpenSSL 1.0.2k-fips 26 Jan 2017
OpenSSL 1.0.2k-fips 26 Jan 2017
If I use brew install the latest openssl (3.0.*), then the same command works. As our production is still using openssl 1.0.2k, my question is what causes this error and whether this is really an issue.
Thanks.
