SSL Error #7

Open
ihsankl opened this issue Nov 22, 2021 · 9 comments

ihsankl commented Nov 22, 2021

No description provided.

@ihsankl ihsankl closed this as completed Nov 22, 2021
@ihsankl ihsankl reopened this Nov 22, 2021
Author

ihsankl commented Nov 22, 2021

I have this error. I searched through Google and found no answers. Can you help me?
image

Also, this is my OpenSSL version in case you need it.
image

Owner

LionNatsu commented Nov 23, 2021

It's unusual for OpenSSL 1.1, which is quite a high version. Could the host or port be the wrong one?

Could you please report the output of `openssl s_client -host 123.123.123.123 -port 12345` (with your actual host and port)?

There could be some private or even secret information about your organization/location. You may consider sending it directly to me privately. The address is lion at aosc.io.

Author

ihsankl commented Nov 24, 2021

Hi Lion! I sent you an email. In case you didn't get the email.

@LionNatsu
Owner

Ack. I'll check it ASAP.

@firemeteorxx

I ran into the same symptom today. After capturing the packets for diagnostic purposes, it turned out to be a TLS version mismatch.

The client attempts to use TLS1.2, while the server sticks to 1.0:

```
Handshake Protocol: Client Hello
    Handshake Type: Client Hello (1)
    Length: 508
    Version: TLS 1.2 (0x0303)
    ...
```

vs

```
Handshake Protocol: Server Hello
    Handshake Type: Server Hello (2)
    Length: 49
    Version: TLS 1.0 (0x0301)
    Random: 61b7c079c8dc4b54a1f927244ab19ba701e847a73caa2583...
    Session ID Length: 0
    Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
    Compression Method: null (0)
    Extensions Length: 9
    Extension: renegotiation_info (len=1)
    Extension: SessionTicket TLS (len=0)
```

I can work around this issue by forcing the client to use TLSv1.0 through the following: `ssl_version=ssl.PROTOCOL_TLSv1`
But I'm not sure if this is the proper way to fix the problem. Shouldn't the server and the client negotiate on the protocol version?
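
The version question above can be checked directly from a capture: in TLS 1.2 and earlier the ClientHello carries the highest version the client supports, the ServerHello carries the version the server picked, and the client aborts if that is below its own minimum. The following Python is an added example, not code from this project or from any commenter; it parses a ServerHello record rebuilt from the captured fields. The Random is a zero placeholder because the capture truncates it, and `diagnose`, `client_max` and `client_min` are hypothetical names.

```python
import struct

# Constructed sample: a ServerHello record rebuilt from the fields in the
# capture above. The 32-byte Random is a zero placeholder (the page truncates
# the real value). On the wire: 5 + 4 + 49 = 58 bytes.
SAMPLE_SERVER_HELLO = bytes.fromhex(
    "16 0301 0035"              # record: handshake (22), TLS 1.0, 53 bytes
    "02 000031"                 # ServerHello (2), length 49
    "0301" + "00" * 32 +        # server version, Random (placeholder)
    "00 0035 00"                # session id length 0, cipher suite, compression
    "0009 ff01000100 00230000"  # renegotiation_info (len=1), SessionTicket (len=0)
)

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def parse_server_hello(record: bytes) -> dict:
    """Return the version, cipher suite and compression a ServerHello selects."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _record_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:
        raise ValueError(f"not a handshake record (content type {ctype}; 21 is an alert)")
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 2:
        raise ValueError("truncated record or not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < max(hs_len, 38):   # 38 = version + random + sid len + suite + compression
        raise ValueError("truncated ServerHello")
    # Not handled: TLS 1.3 puts 0x0303 here and the real version in an extension.
    version = struct.unpack("!H", hello[:2])[0]
    off = 35 + hello[34]               # skip the variable-length session id
    if len(hello) < off + 3:
        raise ValueError("truncated ServerHello after session id")
    cipher, compression = struct.unpack("!HB", hello[off:off + 3])
    return {"version": version, "cipher_suite": cipher, "compression": compression}


def diagnose(client_max: int, client_min: int, record: bytes) -> str:
    """Compare the server's choice with the client's accepted range (assumed inputs)."""
    chosen = parse_server_hello(record)["version"]
    name = VERSIONS.get(chosen, hex(chosen))
    if chosen > client_max:
        return f"server chose {name}, above what the client offered"
    if chosen < client_min:
        return f"server chose {name}, below the client's minimum: handshake fails"
    return f"negotiated {name}"
```
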

@firemeteorxx

Add the extra parameter I mentioned to the `ssl.wrap_socket()` call. At least this works for me.

@firemeteorxx

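Here in hillstone.py

```python
import socket
import ssl

class ClientCore(object):
    def __init__(self):
        # The ssl.wrap_socket() call that takes the extra ssl_version parameter
        self.socket = ssl.wrap_socket(socket.socket(socket.AF_INET, socket.SOCK_STREAM))
        self.client_ver = '1.0.0'
```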

Author

ihsankl commented Dec 18, 2021

Thanks, but I forced my system to use SSL v1, and it works.


ruixingw commented May 22, 2023

Hello. I am also seeing this and the workaround doesn't work. Can someone help?

Below is the output of `openssl s_client -host vpn1.nsccwx.cn -port 4434`:

```
CONNECTED(00000003)
140305714038080:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../ssl/statem/statem_lib.c:1941:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 58 bytes and written 313 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
```

The client is Ubuntu 20.04.4 and has OpenSSL 1.1.1f 31 Mar 2020.
