SSL connection with PostgreSQL using OpenSSL failed in Cpp

I am trying to connect to a PostgreSQL server with SSL support using the C++ OpenSSL libraries. I can connect to the PostgreSQL server and establish a connection without SSL, but when I try to initialize the SSL connection, the handshake fails:

Error XXXXX:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:ssl\record\ssl3_record.c:252: 

When analyzing with Wireshark, I realized that the client closes the connection with a protocol version alert (which means that the client does not support the server's protocol version, as stated in RFC 5246). Because Client Hello and Server Hello are complete, the client is not responding.

I tried the following solutions:

  • Disabling SSL versions other than TLS 1.2
  • Using a verification callback that always returns true, without any validation.

        #include <openssl/ssl.h>

        // TrueCallback (not shown) always returns true, so the server
        // certificate is accepted without validation.
        void ConfigureCtx(SSL_CTX* ctx)
        {
            SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);
            SSL_CTX_set_cert_verify_callback(ctx, TrueCallback, NULL);
            SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
        }

  • Tested using different client methods

        SSL_CTX* CreateSslCtx()
        {
            SSL_CTX *ctx;
            ctx = SSL_CTX_new(TLSv1_2_client_method());
            return ctx;
        }

  • Also, I tried with the OpenSSL v1.1.0 and 1.0.2 packages.

PostgreSQL Server Information:

  • PGSQL Server Version: 9.6.2
  • PGSQL SSL: TLS 1.2
  • OS: Windows 7
  • OpenSSL Version: 1.0.2

Client Details:

  • Client: Cpp Win32 Application
  • OS: Windows 8.1
  • External libraries: OpenSSL v1.1.0

Source: https://habr.com/ru/post/1272823/