sniproxy

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Open mokitoo opened this issue 5 years ago • 4 comments

Sometimes this error is reported when I enter some specific websites proxied by sniproxy:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH


I have followed the advice from #300:

Set sniproxy's resolver to mode ipv4_only

but the same error above still comes up.

Both my friend and I have done some tests: we both use Chrome in incognito mode to exclude other effects (cookies, etc.), and we use different networks with the same VPS proxy to a specific website. My friend gets the error above while I can visit that website normally.

Aug 05 '20 04:08 mokitoo

It's quite strange: this issue got resolved after I restarted sniproxy again. I still cannot figure out the reason.

Aug 11 '20 03:08 mokitoo

I think I'm able to create the issue on demand: my Exchange server returns the same error when going through sniproxy; when going direct, the TLS is good.

I can see that sniproxy is using IPv6 internally in my domain, so I'm trying to set the ipv4_only resolver mode.

Direct request: echo | openssl s_client -host nosni.contoso.com -port 443:

...
subject=CN = nosni.contoso.com

issuer=C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3

No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA
Server Temp Key: ECDH, P-256, 256 bits

SSL handshake has read 3527 bytes and written 450 bytes
Verification: OK

New, TLSv1.2, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 3072 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES128-GCM-SHA256
...

Through sniproxy: echo | openssl s_client -host sni.contoso.com -port 443:

CONNECTED(00000005)
140554009338304:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40

no peer certificate available

No client certificate CA names sent

SSL handshake has read 7 bytes and written 320 bytes
Verification: OK

New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)

--

Let me know if you need help with more data.

I'm running sniproxy from the apt distro on Ubuntu Server 20.04; openssl is run from another Ubuntu server on v18.

Br,

Henrik

Nov 09 '20 20:11 OhmegaStar

Hi, I encounter the same problem.


echo | openssl s_client -host linetv.tw -port 443
CONNECTED(00000005)
140319170957760:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:../ssl/record/rec_layer_s3.c:1528:SSL alert number 40
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 311 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

But other domains proxied through sniproxy work fine. Restarting sniproxy still doesn't fix the problem.

In addition, I have 2 other servers. When proxying the same domain (using the exact same version and configuration file), only one of the servers will work.

Dec 09 '21 06:12 shirakun

It might be useful to try a force restart (kill -9 pid & service sniproxy start) rather than a restart.

Dec 09 '21 07:12 mokitoo
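
The failing `openssl s_client` runs in this thread report "read 7 bytes" together with "SSL alert number 40", which is the size of a single TLS alert record: a 5-byte record header followed by a 2-byte alert. The following is an added example, not code from sniproxy or from the posters; it decodes such a first reply so a capture can be checked for an alert sent before any ServerHello. The sample bytes are constructed, and the TLS 1.2 record version in them is an assumption.

```python
import struct

# Subset of the alert descriptions defined by the TLS specifications.
ALERTS = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
          47: "illegal_parameter", 70: "protocol_version", 80: "internal_error",
          112: "unrecognized_name", 120: "no_application_protocol"}
LEVELS = {1: "warning", 2: "fatal"}
TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake",
         23: "application_data"}


def parse_records(data: bytes):
    """Split raw bytes read from a TLS peer into (type, version, payload)."""
    records, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated TLS record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, offset)
        if ctype not in TYPES:
            raise ValueError(f"not a TLS record (content type {ctype})")
        payload = data[offset + 5:offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated TLS record payload")
        records.append((TYPES[ctype], (major, minor), payload))
        offset += 5 + length
    return records


def describe_first_reply(data: bytes) -> str:
    """Summarise what the peer sent in reply to a ClientHello."""
    if not data:
        return "no data: connection closed before any TLS record"
    records = parse_records(data)
    kind, _version, payload = records[0]
    if kind == "alert" and len(payload) == 2:
        level = LEVELS.get(payload[0], f"level {payload[0]}")
        name = ALERTS.get(payload[1], "unknown")
        return f"{level} alert {payload[1]} ({name}), no ServerHello, {len(data)} bytes"
    return f"{kind} record first, {len(records)} record(s), {len(data)} bytes"


# Constructed sample: alert record, TLS 1.2 record version (assumed),
# level 2 (fatal), description 40 (handshake_failure).
SAMPLE_REPLY = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x28])
print(describe_first_reply(SAMPLE_REPLY))
```

The decoder only shows that the handshake was rejected before a ServerHello; it cannot tell from these bytes which host generated the alert.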