Topic: Client Hello return "VERSION ERROR"

i am porting wolfssl with version 5.5.4,when i try to test SSL,it always return "verion ERROR",pls help.

log below:wolfSSL Entering SSL_connect()
wolfSSL Entering SendClientHello
Adding signature algorithms extension
Signature Algorithms extension to write
Point Formats extension to write
Supported Groups extension to write
Encrypt-Then-MMac extension to write
MMax Fragment Length extension to write
EMMS extension to write
HashRaw:
Data:
    01 00 00 6e 03 03 2b ae cd 90 ba 70 15 9f 79 24 |...n..+....p..y$
    9a b5 43 09 23 22 a9 4a 03 d7 c5 0c 38 c5 c2 4d |..C.#".J....8..MM
    7b 3d 31 b5 fc 6e 00 00 16 00 ff c0 2b c0 2f c0 |{=1..n......+./.
    27 c0 23 c0 0a c0 09 c0 08 c0 14 c0 13 c0 12 01 |'.#.............
    00 00 2f 00 0d 00 0a 00 08 04 03 02 03 04 01 02 |../.............
    01 00 0b 00 02 01 00 00 0a 00 0a 00 08 00 19 00 |................
    18 00 17 00 15 00 16 00 00 00 01 00 01 03 00 17 |................
    00 00                                           |..
Hashes:
Sha256
    c8 97 ce bd 64 0c 3f ad 44 06 b6 ca 9f 2c 57 80 |....d.?.D....,W.
    32 53 61 be 5c aa e6 bf 1e 01 ee 9d 52 55 48 e3 |2Sa.\.......RUH.
wolfSSL Entering SendBuffered
Data to send(119)
    16 03 03 00 72 01 00 00 6e 03 03 2b ae cd 90 ba |....r...n..+....
    70 15 9f 79 24 9a b5 43 09 23 22 a9 4a 03 d7 c5 |p..y$..C.#".J...
    0c 38 c5 c2 4d 7b 3d 31 b5 fc 6e 00 00 16 00 ff |.8..MM{=1..n.....
    c0 2b c0 2f c0 27 c0 23 c0 0a c0 09 c0 08 c0 14 |.+./.'.#........
    c0 13 c0 12 01 00 00 2f 00 0d 00 0a 00 08 04 03 |......./........
    02 03 04 01 02 01 00 0b 00 02 01 00 00 0a 00 0a |................
    00 08 00 19 00 18 00 17 00 15 00 16 00 00 00 01 |................
    00 01 03 00 17 00 00                            |.......

-----<CommonNetSocSend,628>send(119)
16 03 03 00 72 01 00 00 6E 03 03 2B AE CD 90 BA 70 15 9F 79 24 9A B5 43 09 23 22 A9 4A 03 D7 C5 0C 38 C5 C2 4D 7B 3D 31 B5 FC 6E 00 00 16 00 FF C0 2B C0 2F C0 27 C0 23 C0 0A C0 09 C0 08 C0 14 C0 13 C0 12 01 00 00 2F 00 0D 00 0A 00 08 04 03 02 03 04 01 02 01 00 0B 00 02 01 00 00 0A 00 0A 00 08 00 19 00 18 00 17 00 15 00 16 00 00 00 01 00 01 03 00 17 00 00 

-----<CommonNetSocSend,647>send_by_WIFI(119) OK
16 03 03 00 72 01 00 00 6E 03 03 2B AE CD 90 BA 70 15 9F 79 24 9A B5 43 09 23 22 A9 4A 03 D7 C5 0C 38 C5 C2 4D 7B 3D 31 B5 FC 6E 00 00 16 00 FF C0 2B C0 2F C0 27 C0 23 C0 0A C0 09 C0 08 C0 14 C0 13 C0 12 01 00 00 2F 00 0D 00 0A 00 08 04 03 02 03 04 01 02 01 00 0B 00 02 01 00 00 0A 00 0A 00 08 00 19 00 18 00 17 00 15 00 16 00 00 00 01 00 01 03 00 17 00 00 
<NetSend>size_wite=119
--CBIOSend_ret=119
wolfSSL Leaving SendClientHello, return 0
connect state: CLIENT_HELLO_SENT
wolfSSL Entering ProcessReplyEx
RetrySendAlert ret=0
ssl->options.processReply=0
ssl->options.dtls=0
wolfSSL Entering GetInputData
<NetRecv>Re_recv_len=5

-----<CommonNetSocRecv-738>  maxDataLength=5  uiTimeoutMMs=30000

Wifi Rece Sec Down = 30

common wifi received(5):

15 00 00 00 02 

<NetRecv>POS_recv_len=5
wolfSSLReceive-recv=5
Data received
    15 00 00 00 02                                  |.....
wolfSSL Entering GetRecordHeader
rh->pvMMajor=0
rh->pvMMinor=0
ssl->version.major=3
ssl->version.minor=3
SSL version error
wolfSSL Entering SendAlert
wolfSSL Entering SendBuffered
Data to send(7)
    15 03 03 00 02 02 46                            |......F

-----<CommonNetSocSend,628>send(7)
15 03 03 00 02 02 46 

-----<CommonNetSocSend,647>send_by_WIFI(7) OK
15 03 03 00 02 02 46 
<NetSend>size_wite=7
--CBIOSend_ret=7
wolfSSL Leaving SendAlert, return 0
wolfSSL error occurred, error = -326
ERROR: failed to connect to wolfSSL

user_setting:

#ifndef WOLFSSL_USER_SETTINGS_H
#define WOLFSSL_USER_SETTINGS_H

#ifdef __cplusplus
extern "C" {
#endif


#define SIZEOF_LONG 4
#define SIZEOF_LONG_LONG 8

//#define WOLFSSL_TYPES
//#define WOLFSSL_BIGINT_TYPES
//#define BIG_ENDIAN_ORDER
#define NO_WRITEV
#define WOLFSSL_USER_IO
#define LARGE_STATIC_BUFFERS
#if defined(LARGE_STATIC_BUFFERS)
#define WOLFSSL_STATIC_MEMORY

    //#define WOLFSSL_DEBUG_STATIC_MEMORY
    //#define WOLFSSL_DEBUG_MEMORY
#define WOLFSSL_NO_MALLOC
/*Use of the static memory feature requires that WOLFSSL_SMALL_STACK not be turned on and that USE_FAST_MATH be defined*/
#define USE_FAST_MATH///add
#define WOLFMEM_BUCKETS  64,256,384,432,512,1632,2976,3456,33740
#define WOLFMEM_DIST     16,8,6,4,4,2,2,1,1
/*memory alignment:16bytes by default*/
#define WOLFSSL_STATIC_ALIGN 8
/*static IO buffer size is 16,992 bytes by default*/
#define WOLFMEM_IO_SZ 512
/*Maximum Fragment Length for SSL objects created from the SSL context passed in the 'ctx' parameter*/
#define HAVE_MAX_FRAGMENT
#if defined(HAVE_MAX_FRAGMENT)
#define HAVE_TLS_EXTENSIONS
#endif
#endif
//#define WOLFSSL_SMALL_STACK
#define NO_FILESYSTEM
#define SINGLE_THREADED
#define NO_DEV_RANDOM
//#define NO_HMAC

#define TFM_TIMING_RESISTANT
#define DEBUG_WOLFSSL
#define USER_TIME
#ifndef WOLFSSL_STATIC_MEMORY
#define XMALLOC_USER
#endif


//#define XMALLOC(s, h, type)     lark_alloc_mem((s))
//#define XFREE(p, h, type)    lark_free_mem((p))
//#define XREALLOC(p, n, h, t) port_realloc(((p), (n))
/*user log*/
#define WOLFSSL_USER_LOG(m)   TRACE(DBG_TRACE_LVL,"%s\r\n",m)
/*disable server side*/
//#define NO_WOLFSSL_SERVER

#define WC_RNG_SEED_CB

#define WOLFSSL_DEBUG_TLS

//#define WOLFSSL_TLS13

#define HAVE_RENEGOTIATION_INDICATION
#define HAVE_ECC
#define HAVE_AESGCM
#define NO_DH
#define HAVE_SESSION_TICKET

#define HAVE_SUPPORTED_CURVES
#define HAVE_EXTENDED_MASTER
#define WOLFSSL_DTLS
#define HAVE_ENCRYPT_THEN_MAC

#ifdef __cplusplus
}
#endif

#endif /* WOLFSSL_USER_SETTINGS_H */

Share

Re: Client Hello return "VERSION ERROR"

Hi Tom,

Version error/-326 means the client and server were unable to match TLS versions.
Most likely, your server needs a TLS version you are not building with.  By default, we only enable TLS 1.2 and 1.1.
I would start with TLS 1.3, which you can enable by defining WOLFSSL_TLS13 HAVE_TLS_EXTENSIONS and HAVE_SUPPORTED_CURVES in your user_settings.h.
If instead you need TLS 1.0, you can define WOLFSSL_ALLOW_TLSV10 to enable this.

If you still have issues, please confirm how you are setting up your wolfSSL context, for example ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()).  Try using wolfSSLv23_client_method() if you aren't already, as this allows us to select the TLS version at connect time.

Thanks,
Kareem

Share