Discussion:
OpenSSL v1.0.2 - SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
R.Wieser
2024-06-12 17:26:39 UTC
Hello all,

I've got some basic SSL code (written against libeay32.dll and ssleay32.dll
v1.0.2), and on some* website I get the following error :

* other websites work all right.

0x14077410 - SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure

I've googled for why it happens and how to deal with it, but most of the
replies suggest to update curl or wget. :-(

Question:

What is causing it, and assuming I do not have the right ciphers enabled
which one should I enable and how (example code or a tutorial would be
welcome).

Currently I use "OPENSSL_add_all_algorithms_noconf".

Regards,
Rudy Wieser
Charlie Gibbs
2024-06-12 20:41:19 UTC
Post by R.Wieser
Hello all,
I've got some basic SSL code (written against libeay32.dll and ssleay32.dll
* other websites work all right.
0x14077410 - SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure
I've encountered a similar problem. As far as I can ascertain, it means
that the server is making a non-TLS response to a TLS handshake.

Version 1.0.2 is pretty old. Try a newer version; they're up to 3.3.1 now.
--
/~\ Charlie Gibbs | The Internet is like a big city:
\ / <***@kltpzyxm.invalid> | it has plenty of bright lights and
X I'm really at ac.dekanfrus | excitement, but also dark alleys
/ \ if you read it the right way. | down which the unwary get mugged.
R.Wieser
2024-06-13 07:52:01 UTC
Charlie,
Post by Charlie Gibbs
Post by R.Wieser
0x14077410 - SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure
I've encountered a similar problem. As far as I can ascertain, it means
that the server is making a non-TLS response to a TLS handshake.
Hmmm... My (ancient) FireFox browser has no problem with accessing the same
site, making me assume it's something on my end that goes wrong. Any idea
what it might be and/or how to fix - Or even just how I can pin-point - it ?
Post by Charlie Gibbs
Version 1.0.2 is pretty old. Try a newer version; they're up to 3.3.1 now.
Any chance you know of a website where they have pre-compiled DLLS for
download and mention which version of Windows it needs - and preferably
have (links to) information/tutorials/example-code about how to use those
DLLs ? (Having to spend multiple hours scouring the 'intarwebz' for even
just headerfiles has become less-and-less appealing).

Regards,
Rudy Wieser
Charlie Gibbs
2024-06-13 18:43:39 UTC
Post by R.Wieser
Post by Charlie Gibbs
Post by R.Wieser
0x14077410 - SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure
I've encountered a similar problem. As far as I can ascertain, it means
that the server is making a non-TLS response to a TLS handshake.
Hmmm... My (ancient) FireFox browser has no problem with accessing the same
site, making me assume it's something on my end that goes wrong. Any idea
what it might be and/or how to fix - Or even just how I can pin-point - it ?
You might be trying to establish a TLS 1.1 connection to a server that
wants TLS 1.3.
Post by R.Wieser
Post by Charlie Gibbs
Version 1.0.2 is pretty old. Try a newer version; they're up to 3.3.1 now.
Any chance you know of a website where they have pre-compiled DLLS for
download and mention which version of Windows it needs - and preferably
have (links to) information/tutorials/example-code about how to use those
DLLs ? (Having to spend multiple hours scouring the 'intarwebz' for even
just headerfiles has become less-and-less appealing).
In a word, no. Besides, not being a fan of DLLs, I was looking for
a way to build modules I could statically link, using a compiler of
my choosing. Although I had managed to build 1.0.1g with the Borland
C++ Builder 5.5 I've been using to build all my software, I had to
switch to MinGW to build version 3.x of libcrypto.a and libssl.a -
and then, of course, I had to change my makefiles to compile the
calling programs with MinGW as well.

It's a lot of work. Take a close look at https://www.openssl.org
and be prepared to use your favourite search engine a lot.

Under Linux it's _so_ much easier - everything is built in.
--
/~\ Charlie Gibbs | The Internet is like a big city:
\ / <***@kltpzyxm.invalid> | it has plenty of bright lights and
X I'm really at ac.dekanfrus | excitement, but also dark alleys
/ \ if you read it the right way. | down which the unwary get mugged.
R.Wieser
2024-06-13 19:21:17 UTC
Charlie,
Post by Charlie Gibbs
Any idea what it might be and/or how to fix - Or even just how I
can pin-point - it ?
You might be trying to establish a TLS 1.1 connection to a server
that wants TLS 1.3.
Possible. Heck, /everything/ is possible right now. I've written my code
using tidbits I found here-and-there, and do not even know how to check
which encryptions are currently enabled - or, if available, how to add
others.

IOW, I think I'm lucky that my code actually runs. :-|
Post by Charlie Gibbs
Any chance you know of a website where they have pre-compiled DLLS
for download
[snip]
Post by Charlie Gibbs
In a word, no. Besides, not being a fan of DLLs, I was looking
for a way to build modules I could statically link, using a compiler
of my choosing.
I like DLLs myself, as my own programs can then stay small (as an Assembly
programmer (Borland's Tasm v5) I like small).
Post by Charlie Gibbs
It's a lot of work. Take a close look at https://www.openssl.org
I already downloaded their latest, and was positively surprised it needed
only two DLLs. I also saw a folder with a lot of header files. The problem
is that knowing which functions are available and which arguments each of them
needs doesn't give any insight into which order they need to be used in and/or
which ones need to be used in pairs. :-|
Post by Charlie Gibbs
and be prepared to use your favourite search engine a lot.
I will probably at least try.

Then again, I might just try to disassemble the "openssl.exe" program (or
just intercept its calls to its DLLs) and take a hint or two from that.

... but I still rather have some example code (the above is rather
time-consuming)

Regards,
Rudy Wieser
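
Added example, not part of any post in this thread: a self-contained C sketch that unpacks the error code 0x14077410 quoted above using the OpenSSL 1.0.x bit layout (the one behind ERR_GET_LIB, ERR_GET_FUNC and ERR_GET_REASON) and parses a TLS alert record as it appears on the wire. The helper names are hypothetical, the record bytes are constructed sample input, and no OpenSSL library is linked.

```c
#include <stdio.h>
#include <stddef.h>

/* Fields of a packed OpenSSL 1.0.x error code: 8-bit library,
 * 12-bit function, 12-bit reason. Helper names are hypothetical. */
struct ossl_err { int lib, func, reason; };

struct ossl_err decode_err(unsigned long e)
{
    struct ossl_err d;
    d.lib    = (int)((e >> 24) & 0xff);   /* 20 = ERR_LIB_SSL */
    d.func   = (int)((e >> 12) & 0xfff);  /* 119 = SSL23_GET_SERVER_HELLO */
    d.reason = (int)(e & 0xfff);
    return d;
}

/* SSL reasons at or above 1000 (SSL_AD_REASON_OFFSET) report a TLS alert
 * received from the peer. Returns the alert description, or -1. */
int peer_alert(struct ossl_err d)
{
    return (d.lib == 20 && d.reason >= 1000) ? d.reason - 1000 : -1;
}

const char *alert_name(int desc)
{
    switch (desc) {
    case 40:  return "handshake_failure";     /* no acceptable parameters */
    case 70:  return "protocol_version";
    case 71:  return "insufficient_security";
    case 112: return "unrecognized_name";     /* SNI-related */
    default:  return "other";
    }
}

/* Parse one raw TLS record; content type 21 is an alert with a 2-byte
 * body (level, description). Returns the description, or -1. */
int parse_alert_record(const unsigned char *buf, size_t len, int *level)
{
    if (len < 7 || buf[0] != 21) return -1;
    if (((buf[3] << 8) | buf[4]) != 2) return -1;
    *level = buf[5];                          /* 1 = warning, 2 = fatal */
    return buf[6];
}

int main(void)
{
    /* Constructed sample: alert record, version 3.1, fatal, description 40 */
    static const unsigned char rec[] = {0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x28};
    struct ossl_err d = decode_err(0x14077410UL);
    int level = 0, desc = parse_alert_record(rec, sizeof rec, &level);
    printf("lib=%d func=%d reason=%d -> alert %d (%s)\n",
           d.lib, d.func, d.reason, peer_alert(d), alert_name(peer_alert(d)));
    printf("wire record: level=%d desc=%d (%s)\n", level, desc, alert_name(desc));
    return 0;
}
```

A reason of 1040 decodes to alert 40, which is the "sslv3 alert handshake failure" text in the error string: the alert arrived from the server in place of a ServerHello, so a packet capture of the exchange would show a record like the sample one.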