
I have a server app running on my computer listening on a certain port. When I try to use OpenSSL (on Mac, I upgraded via brew already from the default Mac version for OpenSSL):

```
openssl s_client -connect 0.0.0.0:80051 -showcerts -prexit -servername localhost -debug
```

Response

```
CONNECTED(00000003)
write to 0x7fe62b41b370 [0x7fe62b80d000] (118 bytes => 118 (0x76))
0000 - 16 03 01 00 71 01 00 00-6d 03 01 58 d2 84 72 d5   ....q...m..X..r.
0010 - 1b d3 47 9c 8e 6b b3 fb-10 a5 21 af 0e 5d 79 7b   ..G..k....!..]y{
0020 - 54 77 4b 70 11 b0 77 5e-1e 9c e7 00 00 2e 00 39   TwKp..w^.......9
0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   .8.5.......3.2./
0040 - 00 9a 00 99 00 96 00 05-00 04 00 15 00 12 00 09   ................
0050 - 00 14 00 11 00 08 00 06-00 03 00 ff 01 00 00 16   ................
0060 - 00 00 00 0e 00 0c 00 00-09 6c 6f 63 61 6c 68 6f   .........localho
0070 - 73 74 00 23                                       st.#
0076 - <SPACES/NULS>
read from 0x7fe62b41b370 [0x7fe62b812600] (7 bytes => 0 (0x0))
85473:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/OpenSSL098/OpenSSL098-59.60.1/src/ssl/s23_lib.c:185:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 118 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
```

On server

```
E0322 10:04:34.017891000 123145312870400 ssl_transport_security.c:947] Handshake failed with fatal error SSL_ERROR_SSL: error:1408A10B:SSL routines:ssl3_get_client_hello:wrong version number.
E0322 10:04:34.017964000 123145312870400 chttp2_server.c:123] Handshaking failed: {"created":"@1490191474.017913000","description":"Handshake failed","file":"../src/core/lib/security/transport/security_handshaker.c","file_line":274,"tsi_code":10,"tsi_error":"TSI_PROTOCOL_FAILURE"}
```

I have tried passing `-ssl3` and `-tls1` in the OpenSSL command with no success. Any thoughts on how to process the info or use openssl to debug further what might be causing SSL client connection issues to the server? Thanks.

ali haider
  • I doubt that this is an upgraded OpenSSL you are using, at least not an OpenSSL of at least version 1.0.1. The request you send is version TLS 1.0 (hex `03 01`) while current OpenSSL uses TLS 1.2. – Steffen Ullrich Mar 22 '17 at 14:26
  • Yes, you're right @SteffenUllrich - I should have checked: `openssl version` shows "OpenSSL 0.9.8zh 14 Jan 2016". Please answer with the same comment and I will accept. – ali haider Mar 22 '17 at 14:32
  • Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See [What topics can I ask about here](http://stackoverflow.com/help/on-topic) in the Help Center. Perhaps [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/) would be a better place to ask. Also see [Where do I post questions about Dev Ops?](http://meta.stackexchange.com/q/134306) – jww Mar 22 '17 at 15:35
  • Also see [Homebrew refusing to link OpenSSL](http://stackoverflow.com/q/38670295), [Update OpenSSL on OS X with Homebrew](http://stackoverflow.com/q/15185661), [How to install latest version of openssl Mac OS X El Capitan](http://stackoverflow.com/q/35129977), [How to upgrade OpenSSL in OS X?](http://apple.stackexchange.com/q/126830), [Openssl installation using HomeBrew fails](http://superuser.com/q/486389), etc. – jww Mar 22 '17 at 17:31

1 Answer


> I upgraded via brew already from the default Mac version for OpenSSL...
>
> ```
> 0000 - 16 03 01 .... 03 01
> ```

The debug log shows a ClientHello with TLS version 1.0 (0x0301). This suggests that an old version of OpenSSL was used and not the upgraded one, since as of version 1.0.1 (released 2012) it supports TLS 1.2 and will use it by default.

Steffen Ullrich
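The version check described in the answer, as an added example that is not part of the original post or answer: a small parser that walks the ClientHello from the question's dump and reports what the client offered. The function name `parse_client_hello` is this example's own, and the final `00 00` is inferred from the record length (118 bytes) and the `<SPACES/NULS>` line.

```python
import struct

# ClientHello bytes from the question's dump. The final "00 00" restores the
# two trailing NULs that s_client -debug prints as "<SPACES/NULS>" (118 bytes).
DUMP_HEX = """
16 03 01 00 71 01 00 00 6d 03 01 58 d2 84 72 d5
1b d3 47 9c 8e 6b b3 fb 10 a5 21 af 0e 5d 79 7b
54 77 4b 70 11 b0 77 5e 1e 9c e7 00 00 2e 00 39
00 38 00 35 00 16 00 13 00 0a 00 33 00 32 00 2f
00 9a 00 99 00 96 00 05 00 04 00 15 00 12 00 09
00 14 00 11 00 08 00 06 00 03 00 ff 01 00 00 16
00 00 00 0e 00 0c 00 00 09 6c 6f 63 61 6c 68 6f
73 74 00 23 00 00
"""
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def parse_client_hello(record: bytes) -> dict:
    """Pull the version fields out of a ClientHello sent in one TLS record."""
    rtype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if rtype != 0x16 or len(record) != 5 + rec_len or record[5] != 0x01:
        raise ValueError("expected one complete handshake record holding a ClientHello")
    (client_ver,) = struct.unpack_from("!H", record, 9)  # follows 4-byte handshake header
    pos = 11 + 32                         # skip the 32-byte client random
    pos += 1 + record[pos]                # skip session_id
    (cs_len,) = struct.unpack_from("!H", record, pos)
    pos += 2 + cs_len                     # skip cipher suites (2 bytes each)
    pos += 1 + record[pos]                # skip compression methods
    ext_types = []
    if pos < len(record):                 # the extensions block is optional
        (ext_len,) = struct.unpack_from("!H", record, pos)
        pos, end = pos + 2, pos + 2 + ext_len
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, pos)
            ext_types.append(etype)
            pos += 4 + elen
    return {
        "record_version": VERSIONS.get(rec_ver, hex(rec_ver)),
        "client_version": VERSIONS.get(client_ver, hex(client_ver)),
        "cipher_suites": cs_len // 2,
        "extensions": ext_types,
        # A TLS 1.2+ client offers client_version 0x0303 (TLS 1.3 keeps that
        # value and adds the supported_versions extension, type 43).
        "offers_tls12": client_ver >= 0x0303,
    }

if __name__ == "__main__":
    hello = bytes.fromhex("".join(DUMP_HEX.split()))
    for field, value in parse_client_hello(hello).items():
        print(f"{field}: {value}")
```

On this dump the only extensions present are server_name (0) and session_ticket (35), and the offered version is TLS 1.0, which matches the `OpenSSL 0.9.8zh` build reported in the comments.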