On Sun, Mar 22, 2015 at 08:59:39AM +0000, Jeremy Harris wrote:
> On 19/03/15 01:09, Tom Vernon wrote:
> >2015-03-19 00:04:02 TLS error on connection from (ME) [xx.xx.xx.xx]
> >(SSL_accept): error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
> >protocol
>
> Sounds like an ssl protocol version issue.
Almost always, "unknown protocol" means that the data received was
not a TLS client HELLO at all, but rather some cleartext or other
data that is not a TLS handshake (in some rare cases a malformed
TLS record-layer packet due to implementation bugs).
>From ssl/s23_srvr.c:
if ((type < 1) || (type > 3)) {
/* bad, very bad */
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO, SSL_R_UNKNOWN_PROTOCOL);
goto err;
}
The point of the code sample, is that the protocol is not any
plausible SSL/TLS version that's ever been defined.
--
Viktor.