
Qt-interest Archive, December 2007
4.3.2 [QSslSocket] Acting as a server, SSL handshake fails with "SSL3_GET_RECORD:wrong version number"


Message 1 in thread

Hi there.

The purpose is to design an SSL-enabled HTTP server.

The architecture is working fine in plain text but fails when
QSslSocket::startServerEncryption () is called.
This is the error: "Error during SSL handshake: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number"

Configuration:

* Using the Gentoo 4.3.2-r1 ebuild, compiled with SSL and zlib support.
* Using OpenSSL 0.9.8g 19 Oct 2007
* Tested with opera/firefox/'openssl s_client'.
* The server's private key and certificate are valid (tested with 'openssl
s_client' & 'openssl s_server').

Architecture description:

* A QTcpServer is running in the main event loop.
* Its incomingConnection (int) method has been rewritten to create a new
thread, pass the connected socket's file descriptor to the
constructor, start the thread and return.
* In the created thread, the run () method declares a QSslSocket as a local
variable and sets the socket's file descriptor to the file descriptor previously
passed in the constructor. The QSslSocket is bound to the new thread, cool.

* If SSL is enabled (_useSsl), the QSslSocket's private key and certificate
are registered and QSslSocket::startServerEncryption () is called.
* The thread event loop is started.
* If SIGNAL (encrypted ()) is emitted, then SIGNAL (readyRead
()) is connected to a processing slot.
* If SIGNAL (disconnect ()) is emitted, the thread event loop is quit () and
the entire thread is deleted (with the QSslSocket, of course).

What happens, or what does not happen?

* The encrypted signal is never emitted.
* SIGNAL (QAbstractSocket::error ()) is fired and QSslSocket::errorString ()
outputs "Error during SSL handshake: error:1408F10B:SSL
routines:SSL3_GET_RECORD:wrong version number"
* SIGNAL (QSslSocket::sslErrors (..)) is NEVER fired.
* Connecting SIGNAL (sslErrors ()) to SLOT (ignoreSslErrors ()) does NOT work.
* The error makes the socket disconnect.

/* Now some nice logs */

# Using default protocol
* Server Side (4 attempts)

(Debug) [0x8058400] Server::start: Listening at 0.0.0.0:6666.
(Debug) [0x8058400] Server::start: SSL enable.
(Debug) [0x80de6a0] ClientThread::run: 192.168.0.100:42230 connected.
(Debug) [0x80de6a0] ProcessingEngine::error: 192.168.0.100:42230 Error
during SSL handshake: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
version number
(Debug) [0x80de6a0] ClientThread::run: 192.168.0.100:42230 disconnected.
[...]
(Debug) [0x8086eb0] ClientThread::run: 192.168.0.100:42233 connected.
(Debug) [0x8086eb0] ProcessingEngine::error: 192.168.0.100:42233 Error
during SSL handshake: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong
version number
(Debug) [0x8086eb0] ClientThread::run: 192.168.0.100:42233 disconnected.


* Client Side  (1 attempt)

$openssl s_client -connect host:6666 -msg
CONNECTED(00000003)
>>> SSL 2.0 [length 008c], CLIENT-HELLO
12920:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:


# Forcing sslV2

* Server Side (1 attempt)

(Debug) [0x8058400] Server::start: Listening at 0.0.0.0:6666.
(Debug) [0x8058400] Server::start: SSL enable.
(Debug) [0x80de6a0] ClientThread::run: 192.168.0.100:38509 connected.
(Debug) [0x80de6a0] ClientThread::run: 192.168.0.100:38509 disconnected.


* Client Side  (1 attempt)

$openssl s_client -connect host:6666 -msg
CONNECTED(00000003)
>>> SSL 2.0 [length 008c], CLIENT-HELLO
<<< SSL 2.0 [length 037a], SERVER-HELLO
depth=0 /C=FR/ST=Haut de Seine/L=Villejuif/O=Internet Widgits Pty
Ltd/CN=host
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=FR/ST=Haut de Seine/L=Villejuif/O=Internet Widgits Pty
Ltd/CN=host
verify return:1
>>> SSL 2.0 [length 0092], CLIENT-MASTER-KEY
>>> SSL 2.0 [length 0011], CLIENT-FINISHED
<<< SSL 2.0 [length 0021], SERVER-VERIFY
13046:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:188:



Ask me for the code if it could help.

Thanks.
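
An added diagnostic (not code from this thread or from Qt) showing why an SSLv3/TLS-only record layer reports "wrong version number" for the SSLv2-format CLIENT-HELLO in the logs above: on the wire that hello begins with a 2-byte SSLv2 header (0x80 | length, here 80 8c) that `openssl s_client -msg` does not print, and a server that does not first test for that header reads 80 as the content type and 8c 01 as the version. The sample bytes are constructed from the first bytes of the posted hello; the struct and function names are hypothetical helpers, not a Qt or OpenSSL API.

```cpp
#include <cstdint>
#include <string>
#include <vector>

// What a server learns from the first five bytes of a new connection.
struct HelloInfo {
    std::string format;          // "sslv2-hello", "ssl3/tls-record" or "unknown"
    uint16_t version;            // protocol version the client advertises
    uint16_t record_version;     // bytes 1-2 as an SSLv3/TLS record layer reads them
    bool accepted_by_ssl3_only;  // would a server that skips the SSLv2 check accept it?
};

// Classify the first bytes of a client hello (hypothetical helper, not a Qt/OpenSSL API).
// SSLv2 framing: 2-byte header with the high bit set (0x80 | length), then msg type 0x01
// and the 2-byte version the client offers (03 01 = TLS 1.0 in the posted dump).
// SSLv3/TLS framing: content type 0x16, 2-byte version 03 0x, 2-byte length.
HelloInfo classify_client_hello(const std::vector<uint8_t>& wire) {
    HelloInfo info{"unknown", 0, 0, false};
    if (wire.size() < 5) return info;
    // An SSLv3/TLS record layer always reads bytes 1-2 as the version field.
    info.record_version = static_cast<uint16_t>((wire[1] << 8) | wire[2]);
    const bool record_version_ok = (wire[1] == 0x03 && wire[2] <= 0x03);
    if (wire[0] == 0x16 && record_version_ok) {
        info.format = "ssl3/tls-record";
        info.version = info.record_version;
        info.accepted_by_ssl3_only = true;
    } else if ((wire[0] & 0x80) && wire[2] == 0x01) {
        info.format = "sslv2-hello";
        info.version = static_cast<uint16_t>((wire[3] << 8) | wire[4]);
        // Content type 0x80 and version 0x8c01 fail the record-layer version check:
        // this is the SSL3_GET_RECORD:wrong version number seen in the server log.
        info.accepted_by_ssl3_only = false;
    }
    return info;
}

// Verdict of a server that only speaks the SSLv3/TLS record layer; a server configured
// for any protocol (QSsl::AnyProtocol, OpenSSL's SSLv23 method) tests for the 0x80
// header before this check and so recognises the SSLv2-format hello.
std::string ssl3_only_verdict(const std::vector<uint8_t>& wire) {
    return classify_client_hello(wire).accepted_by_ssl3_only
               ? "ok"
               : "SSL3_GET_RECORD:wrong version number";
}

// Constructed sample: first bytes of the posted CLIENT-HELLO with its 2-byte SSLv2 header
// (0x80 | 0x8c) re-added in front of "01 03 01 00 63 00 00 00 20".
const std::vector<uint8_t> kSslv2Hello = {0x80, 0x8c, 0x01, 0x03, 0x01, 0x00, 0x63, 0x00, 0x00, 0x00, 0x20};
// Constructed sample: a ClientHello framed as a TLS 1.0 record (type 0x16, version 03 01).
const std::vector<uint8_t> kTlsHello = {0x16, 0x03, 0x01, 0x00, 0x63, 0x01, 0x00, 0x00, 0x5f};
```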

Message 2 in thread

David Keller wrote:
>The architecture is working fine in plain text but fails when
>QSslSocket::startServerEncryption () is called.
>This is the error "Error during SSL handshake: error:1408F10B:SSL
>routines:SSL3_GET_RECORD:wrong version number"

Can you retest with 4.3.3 and 4.4.0-tp1? We have fixed a couple of bugs in 
SSL code.



Message 3 in thread

Same problem with both :/

On 12/26/07, Thiago Macieira <thiago.macieira@xxxxxxxxxxxxx> wrote:
>
> David Keller wrote:
> >The architecture is working fine in plain text but fails when
> >QSslSocket::startServerEncryption () is called.
> >This is the error "Error during SSL handshake: error:1408F10B:SSL
> >routines:SSL3_GET_RECORD:wrong version number"
>
> Can you retest with 4.3.3 and 4.4.0-tp1? We have fixed a couple of bugs in
> SSL code.
>
> --
> Thiago José Macieira - thiago.macieira AT trolltech.com
> Trolltech ASA - Sandakerveien 116, NO-0402 Oslo, Norway
>
>

Message 4 in thread

Whoops, it is working fine with 4.4.0-tp1 with .setProtocol
(QSsl::AnyProtocol).

But I am running into another problem.

Using QSslSocket::disconnectFromHost () just after writing data using .write
fires "Unable to write data: [..] SSL_write:protocol is shutdown".
The workaround is to use QSslSocket::flush () before the call to
.disconnectFromHost (), but the documentation of QAbstractSocket explains
that .disconnectFromHost () sends any pending data before closing.

And there are some inaccuracies in
http://doc.trolltech.com/4.3/qsslsocket.html:
* enum QSslSocket::SslMode => Description
(QSslSocket::SslServerMode) == Description (QSslSocket::SslClientMode)
* Detailed Description => "An example of using the delayed SSL handshake to
secure an existing connection is the case where an SSL server secures an
incoming connection" => the code example does not use setPrivateKey and
setLocalCertificate.


On 12/26/07, David Keller <escaflownnn@xxxxxxxxx > wrote:
>
> Same problem with both :/