0
votes

I have tried to establish an SSL connection to the Linux server machine from an STB client device. I am getting the following SSL error:

error:1408F10B:lib(20):func(143):reason(267) (find reason(code) at openssl/ssl.h) 

On checking with the openssl command, I am getting the following information:

CONNECTED(00000003)
write to 0x7ee98 [0x8a153] (148 bytes => 148 (0x94))
0000 - 16 03 00 00 8f 01 00 00-8b 03 00 50 40 64 2c 41   ...........P@d,A
0010 - 53 23 c1 e1 9a dd e3 40-61 b3 71 cb 38 fe ba c9   S#.....@a.q.8...
0020 - 6b d7 b4 00 0d 21 88 19-6a 7c 56 00 00 64 c0 14   k....!..j|V..d..
0030 - c0 0a 00 39 00 38 00 37-00 36 00 88 00 87 00 86   ...9.8.7.6......
0040 - 00 85 c0 0f c0 05 00 35-00 84 c0 13 c0 09 00 33   .......5.......3
0050 - 00 32 00 31 00 30 00 9a-00 99 00 98 00 97 00 45   .2.1.0.........E
0060 - 00 44 00 43 00 42 c0 0e-c0 04 00 2f 00 96 00 41   .D.C.B...../...A
0070 - 00 07 c0 11 c0 07 c0 0c-c0 02 00 05 00 04 c0 12   ................
0080 - c0 08 00 16 00 13 00 10-00 0d c0 0d c0 03 00 0a   ................
0090 - 00 ff 01                                          ...
0094 - <SPACES/NULS>
read from 0x7ee98 [0x85c03] (5 bytes => 5 (0x5))
0000 - 48 54 54 50 2f                                    HTTP/
write to 0x7ee98 [0x8f610] (7 bytes => 7 (0x7))
0000 - 15 03 00 00 02 02 28                              ......(
3069535440:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:362:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
   Protocol  : SSLv3
Cipher    : 0000
Session-ID: 
Session-ID-ctx: 
Master-Key: 
Key-Arg   : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1516869657
Timeout   : 7200 (sec)
Verify return code: 0 (ok)

The exact error I am getting is 3069535440:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:362:.

Could someone please help to resolve this issue?

1
WRONG PORT. You omitted from your Q, but say in a comment below, you are connecting to port 8080. 8080 is normally HTTP not HTTPS, and you can see from the trace that is true on this server. Try connecting to the port that is HTTPS; that can vary depending on the server which you don't identify but may be 8443. But your openssl is in fact requesting SSLv3 and many modern implementations no longer allow that because it is broken; what exactly is the server? - dave_thompson_085

The server is a Linux machine running Ubuntu 14.04, and I am trying to connect to this machine from a client set-top box device. The SSL attempt was made to this machine's IP, and the port used is 8080. - Vysakh A V

Ubuntu is an OS, not a webserver; there are thousands of webservers that can run on Ubuntu -- and that's if you need HTTPS and not some other SSL/TLS protocol; are you sure of that? If you do want HTTPS on 8080, you need to turn off whatever is currently doing HTTP on 8080, and turn on something that does HTTPS on 8080 (maybe the same thing modified to do HTTPS instead of HTTP). - dave_thompson_085

@dave_thompson_085 Yes. From the client device, I am trying to connect to the HTTP server listening on port 8080. If I am doing something wrong, please help me to rectify my issues. Thanks very much. - Vysakh A V

If the device is trying to connect SSL/TLS to port 8080, which is very unusual but seems to be indicated by its error message, and you have an HTTP server on port 8080, then yes you are doing something wrong. SSL/TLS and HTTP are different. Given what you say, you need a server on port 8080 for some SSL/TLS-based protocol -- possibly HTTPS (note the S; HTTPS is not the same as HTTP, although many webservers can do both). At a minimum given you have a suitable cert&key, you could use openssl s_server -accept 8080 ... and if the device handshakes okay look at what it sends. - dave_thompson_085
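
The three byte strings in the question's trace can be decoded as TLS record headers to show why the server's reply is rejected. This is an added example, not code from the original posts; the function name, the verdict strings and the list of plaintext prefixes are assumptions made for illustration.

```python
import struct

# TLS record content types and versions (RFC 5246, section 6.2.1)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {40: "handshake_failure", 70: "protocol_version"}
# Assumed list of common cleartext greetings; extend as needed.
PLAINTEXT_PREFIXES = (b"HTTP/", b"SSH-")

# Bytes copied from the openssl trace in the question.
CLIENT_HELLO_HDR = bytes.fromhex("160300008f")   # first 5 bytes written
SERVER_REPLY = bytes.fromhex("485454502f")       # the 5 bytes read: "HTTP/"
CLIENT_ALERT = bytes.fromhex("15030000020228")   # the 7 bytes written back


def classify_record(data: bytes) -> dict:
    """Read the first bytes from a peer the way a TLS record parser does."""
    if len(data) < 5:
        return {"verdict": "short_read"}
    # Record header: 1-byte type, 2-byte version, 2-byte length (big-endian).
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    info = {"type": ctype, "version": (major, minor), "length": length}
    if major != 3:
        # Every SSLv3/TLS record carries major version 3; anything else
        # is not a TLS record, which is what "wrong version number" reports.
        cleartext = data.startswith(PLAINTEXT_PREFIXES)
        info["verdict"] = "plaintext_not_tls" if cleartext else "wrong_version"
        return info
    info["type_name"] = CONTENT_TYPES.get(ctype, "unknown")
    info["version_name"] = VERSIONS.get((major, minor), "unknown")
    if ctype == 21 and length == 2 and len(data) >= 7:
        # Alert body: 1-byte level followed by 1-byte description.
        info["alert"] = (ALERT_LEVELS.get(data[5], "unknown"),
                         ALERT_DESCRIPTIONS.get(data[6], str(data[6])))
    info["verdict"] = "tls_record"
    return info


if __name__ == "__main__":
    for name, raw in (("client hello", CLIENT_HELLO_HDR),
                      ("server reply", SERVER_REPLY),
                      ("client alert", CLIENT_ALERT)):
        print(name, classify_record(raw))
```

The server's `HTTP/` bytes parse as record type 0x48 with version 0x54.0x54, so the peer on port 8080 is answering in cleartext HTTP rather than with a TLS record.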

1 Answer

0
votes

As you can see in the error information you provided, there is a routines:SSL3_GET_RECORD:wrong version error. It seems to me that you are trying to use SSL3 although the server and/or client does not support this SSL version. Try to change the method used and try again.

EDIT: The protocol is supported due to Verify return code with Protocol SSLv3 being 0.