Uploaded image for project: 'Erlang/OTP'
  1. Erlang/OTP
  2. ERL-347

Incorrectly aborted TLS handshake - ssl_v2_client_hello_no_supported

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 19.2
    • Fix Version/s: 19.3
    • Component/s: ssl
    • Labels:
      None

      Description

      =ERROR REPORT==== 31-Jan-2017::11:21:29 ===
      SSL: hello: ../src/tls_handshake.erl:204:Fatal error: handshake failure - handshake_decode_error

      Having setup a simple SSL/TLS server not supporting SSLv2, sending a CLIENT_HELLO (for TLSv1.2) where the lower 16 bits of the GMT time is 0 and where the upper 16 bits of the GMT time + the first two bytes of the ClientRandom data happens to match the length of the rest of the message the handshake will be aborted with 'ssl_v2_client_hello_no_supported'.

      A concrete HELLO_CLIENT package that will be rejected is:
      {{<<1,0,0,71,3,3,0,0,0,0,0,63,210,235,149,6,244,140,108,13,177,74,
      16,218,33,108,219,41,73,228,3,82,132,123,73,144,118,100,0,0,
      32,192,4,0,10,192,45,192,38,0,47,192,18,0,163,0,22,0,165,192,
      29,192,18,192,30,0,103,0,57,192,48,0,47,1,0>>
      }}

        Attachments

          Activity

            People

            Assignee:
            ingela Ingela Anderton Andin
            Reporter:
            hanssv hanssv
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: