2

I'm trying to connect to a server (written in Golang) using Boost Asio. I can connect and read/write fine unencrypted, but I can't seem to get SSL support to work. Basically, whenever I attempt a handshake I receive a "wrong version number".

Here's a snippet that shows how I'm trying to set it up. I'm not trying to perform any verification, just get the connection going. At this point in the code, the client has connected to the server and swapped some unencrypted commands.

boost::asio::ssl::context ctx(*ios, boost::asio::ssl::context::tlsv12_client);  //also tried sslv23, etc
ctx.set_verify_mode(boost::asio::ssl::context::verify_none);
this->sslSocket = new boost::asio::ssl::stream<boost::asio::ip::tcp::socket&>(*socket, ctx);  
this->sslSocket->async_handshake(boost::asio::ssl::stream_base::client,
            boost::bind(&MyConnection::handleHandshake, this,
            boost::asio::placeholders::error));

&MyConnection::handleHandshake() receives the result of the handshake.

So questions are:

  • Is the above code doing everything it should normally need to do to connect to a server? Am I missing a step?
  • Are there server side issues that might be in play? I checked through the Go code, and it does look to support TLS 1.0/1.1/1.2 as well as SSL 2 & 3
kenba
GrandmasterB
  • Not sure what you want to know. The above code does not attempt to verify the certificate of the server, so it is vulnerable to a man-in-the-middle attack, but I thought it is apparent. – Öö Tiib Jul 19 '17 at 01:03
  • @ÖöTiib Right, at the moment just trying to get past the 'wrong version' error. This runs on an internal network across various machines, and I don't at the moment have info on the certs. – GrandmasterB Jul 19 '17 at 02:59
  • It seems that ctx.set_options( ... ); with options like boost::asio::ssl::context::default_workarounds may be missing. See those at http://www.boost.org/doc/libs/1_64_0/doc/html/boost_asio/reference/ssl__context_base.html – Öö Tiib Jul 19 '17 at 16:29
  • I had this problem when I was (mistakenly) trying to connect to port 80 instead of 443 – zer0hedge Sep 20 '20 at 08:38

1 Answer

3

I faced the same problem, and later came to know I was trying to connect to port 80 instead of 443 (the SSL port). Changing the port to 443 resolved the issue.

rahul
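OpenSSL reports "wrong version number" when the bytes it reads where a TLS record header should be do not carry a 3.x version, which is what happens when the peer replies in plaintext, as in the port 80 case above. The following is an added example, not code from the question or the answer: it classifies the first bytes of a server reply (taken, for instance, from a packet capture) to tell a TLS record from a plaintext response. The names `Peer`, `classify_first_bytes` and `describe` are hypothetical, and the sample replies are constructed.

```cpp
// Added example: decide whether the first bytes of a server reply look like
// a TLS record header or like a plaintext protocol response.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <string>

enum class Peer { TlsRecord, PlaintextHttp, OtherPlaintext, TooShort };

// A TLS record header is 5 bytes: content type, version major, version minor,
// then a 16-bit big-endian payload length.
Peer classify_first_bytes(const std::string& buf) {
    if (buf.size() < 5) return Peer::TooShort;
    const auto b = [&](std::size_t i) { return static_cast<std::uint8_t>(buf[i]); };
    const bool type_ok = b(0) >= 20 && b(0) <= 23;  // change_cipher_spec .. application_data
    const bool ver_ok = b(1) == 3 && b(2) <= 4;     // SSL 3.0 .. TLS 1.3 wire versions
    const std::size_t len = (static_cast<std::size_t>(b(3)) << 8) | b(4);
    if (type_ok && ver_ok && len <= 16384 + 2048) return Peer::TlsRecord;
    // 'H','T','T','P','/' parsed as a record header gives version 0x54 0x54,
    // not 0x03 0x0X: the handshake fails on the version check.
    if (buf.compare(0, 5, "HTTP/") == 0) return Peer::PlaintextHttp;
    return Peer::OtherPlaintext;
}

const char* describe(Peer p) {
    switch (p) {
        case Peer::TlsRecord:      return "TLS record: the peer speaks TLS on this port";
        case Peer::PlaintextHttp:  return "plaintext HTTP: wrong port or no TLS listener";
        case Peer::OtherPlaintext: return "plaintext, non-HTTP: server is not in TLS mode yet";
        default:                   return "fewer than 5 bytes: cannot classify";
    }
}

int main() {
    // Constructed sample replies, not captured from a real server.
    const std::string samples[] = {
        std::string("\x16\x03\x03\x00\x7a", 5),   // handshake record header, TLS 1.2
        std::string("\x15\x03\x03\x00\x02", 5),   // alert record header
        "HTTP/1.1 400 Bad Request\r\n",          // what a port-80 listener sends back
        "220 ready\r\n",                         // some other line-based protocol
    };
    for (const auto& s : samples)
        std::cout << describe(classify_first_bytes(s)) << '\n';
    return 0;
}
```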