1. Forum
  2. Usenet
  3. COMP.OS.MS-WINDOWS.PROGRA

  • OpenSSL v1.0.2 - SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handsh

    From R.Wieser@21:1/5 to All on Wed Jun 12 19:26:39 2024
    Hello all,

    I've got some basic SSL code (witten against libeay32.dll and ssleay32.dll v1.0.2), and on some* website I get the following error :

    * other websites work allright.

    0x14077410 - SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
    failure

    I've googeled for why it happens and how to deal with it, but most of the replies suggest to update curl or wget. :-(

    Question:

    What is causing it, and assuming I do not have the right ciphers enabled
    which one should I enable and how (example code or a tutorial would be welcome).

    Currently I use "OPENSSL_add_all_algorithms_noconf".

    Regards,
    Rudy Wieser

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Charlie Gibbs@21:1/5 to R.Wieser on Wed Jun 12 20:41:19 2024
    On 2024-06-12, R.Wieser <address@is.invalid> wrote:

    Hello all,

    I've got some basic SSL code (witten against libeay32.dll and ssleay32.dll v1.0.2), and on some* website I get the following error :

    * other websites work allright.

    0x14077410 - SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

    I've encountered a similar problem. As far as I can ascertain, it means
    that the server is making a non-TLS response to a TLS handshake.

    Version 1.0.2 is pretty old. Try a newer version; they're up to 3.3.1 now.

    --
    /~\ Charlie Gibbs | The Internet is like a big city:
    \ / <cgibbs@kltpzyxm.invalid> | it has plenty of bright lights and
    X I'm really at ac.dekanfrus | excitement, but also dark alleys
    / \ if you read it the right way. | down which the unwary get mugged.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From R.Wieser@21:1/5 to All on Thu Jun 13 09:52:01 2024
    Charlie,

    0x14077410 - SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
    failure

    I've encountered a similar problem. As far as I can ascertain, it means
    that the server is making a non-TLS response to a TLS handshake.

    Hmmm... My (ancient) FireFox browser has no problem with accessing the same site, making me assume its something on my end that goes wrong. Any idea
    what it might be and/or how to fix - Or even just how I can pin-point - it ?

    Version 1.0.2 is pretty old. Try a newer version; they're up to 3.3.1
    now.

    Any chance you know of a website where they have pre-compiled DLLS for
    download and mention which version of Windows it needs - and preferrable
    have (links to) information/tutorials/example-code about how to use those
    DLLs ? (Having to spend multiple hours scouring the 'intarwebz' for even
    just headerfiles has become less-and-less appealing).

    Regards,
    Rudy Wieser

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Charlie Gibbs@21:1/5 to R.Wieser on Thu Jun 13 18:43:39 2024
    On 2024-06-13, R.Wieser <address@is.invalid> wrote:

    0x14077410 - SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
    failure

    I've encountered a similar problem. As far as I can ascertain, it means
    that the server is making a non-TLS response to a TLS handshake.

    Hmmm... My (ancient) FireFox browser has no problem with accessing the same site, making me assume its something on my end that goes wrong. Any idea what it might be and/or how to fix - Or even just how I can pin-point - it ?

    You might be trying to establish a TLS 1.1 connection to a server that
    wants TLS 1.3.

    Version 1.0.2 is pretty old. Try a newer version; they're up to 3.3.1
    now.

    Any chance you know of a website where they have pre-compiled DLLS for download and mention which version of Windows it needs - and preferrable
    have (links to) information/tutorials/example-code about how to use those DLLs ? (Having to spend multiple hours scouring the 'intarwebz' for even just headerfiles has become less-and-less appealing).

    In a word, no. Besides, not being a fan of DLLs, I was looking for
    a way to build modules I could statically link, using a compiler of
    my choosing. Although I had managed to build 1.0.1g with the Borland
    C++ Builder 5.5 I've been using to build all my software, I had to
    switch to MinGW to build version 3.x of libcrypto.a and libssl.a -
    and then, of course, I had to change my makefiles to compile the
    calling programs with MinGW as well.

    It's a lot of work. Take a close look at https://www.openssl.org
    and be prepared to use your favourite search engine a lot.

    Under Linux it's _so_ much easier - everything is built in.

    --
    /~\ Charlie Gibbs | The Internet is like a big city:
    \ / <cgibbs@kltpzyxm.invalid> | it has plenty of bright lights and
    X I'm really at ac.dekanfrus | excitement, but also dark alleys
    / \ if you read it the right way. | down which the unwary get mugged.

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From R.Wieser@21:1/5 to All on Thu Jun 13 21:21:17 2024
    Charlie,

    Any idea what it might be and/or how to fix - Or even just how I
    can pin-point - it ?

    You might be trying to establish a TLS 1.1 connection to a server
    that wants TLS 1.3.

    Possible. Heck, /everything/ is possible right now. I've written my code
    using tidbits I found here-and-there, and do not even know how to check
    which encryptions are currently enabled - or, if availablet, how to add
    others.

    IOW, I think I'm lucky that my code actualy runs. :-|

    Any chance you know of a website where they have pre-compiled DLLS
    for download
    [snip]

    In a word, no. Besides, not being a fan of DLLs, I was looking
    for a way to build modules I could statically link, using a compiler
    of my choosing.

    I like DLLs myself, as my own programs can than stay small (as an Assembly programmer (Borands Tasm v5) I like small).

    It's a lot of work. Take a close look at https://www.openssl.org

    I already downloaded their latest, and was positivily surprised it needed
    only two DLLs. I also saw a folder with a lot of header files. The problem
    is that knowing which functions are available which arguments each of them needs doesn't give any insight to in which order they need to be used and/or which ones need to be used in pairs. :-|

    and be prepared to use your favourite search engine a lot.

    I will probably at least try.

    Than again, I might just try to disasemble the "openssl.exe" program (or
    just intercept its calls to its DLLs) and take a hint or two from that.

    ... but I stil rather have some example code (the above is rather time-consuming)

    Regards,
    Rudy Wieser

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)