eduardsui / tlse

Single C file TLS 1.2/1.3 implementation, using tomcrypt as crypto library

Strange error: "UNSUPPORTED TLS VERSION 0" #55

Closed ronaaron closed 3 years ago

ronaaron commented 3 years ago

Compiling with debug info, and trying to access "https://www.posti.fi/fi"

Getting:

Initializing dependencies
UNSUPPORTED TLS VERSION 0
Consumed -4 bytes
ERROR IN CONSUME: -4

ronaaron commented 3 years ago

The example tlssimple.c is able to connect, and the only difference I can determine is that it's using "TLS_AMALGAMATION" and I'm using a differently compiled version of tomcrypt. I'll see if that is really the difference (I hope not, since it will be difficult to incorporate I think).

ronaaron commented 3 years ago

So... incorporating the amalgamation doesn't make a difference. Very frustrating.

ronaaron commented 3 years ago

More confusing: sometimes it does work, and sometimes it doesn't. Perhaps an uninitialized value?

ronaaron commented 3 years ago

Message type: 17, length: 29
encrypted (29): 00 00 00 00 00 00 00 0F 2C CE 88 A0 29 5E 87 C0 2E C0 CB 24 74 89 35 E3 04 D1 F0 DF 38 
aad (13): 00 00 00 00 00 00 00 0F 17 03 03 00 05 
aad iv (12): 28 0E C4 53 00 00 00 00 00 00 00 0F 
PT SIZE: 5
decrypted (5): 30 0D 0A 0D 0A 
tag (16): 5E 87 C0 2E C0 CB 24 74 89 35 E3 04 D1 F0 DF 38 
APPLICATION DATA MESSAGE (TLS VERSION: 303):
0

Consumed 10 bytes
OK
UNSUPPORTED TLS VERSION 0
Consumed -4 bytes
ERROR IN CONSUME: -4

ronaaron commented 3 years ago

Just to clarify, there are two URLs which are currently causing me problems:

The first one seems to be using a Cloudflare certificate, so that is probably related to #53

The second is a mysterious "unsupported TLS version"

ronaaron commented 3 years ago

The 'calendardate' URL gives me a TLS "handshake fail" because it can't negotiate a cipher. The other is... no idea.

ronaaron commented 3 years ago

So it turns out the 'calendardate' URL problem was lack of SNI on the client side. The error returned could be more informative...

The remaining issue is the original: posti.fi

ronaaron commented 3 years ago

Screw it. The posti.fi issue is ALSO "SNI" (needs to be www.posti.fi). Crap, the error messages are not very useful!
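
The thread traces both failures to a missing SNI on the client side. As an added example (not part of the thread and not tlse code), this C function checks whether a captured ClientHello record carries the server_name extension, so a missing SNI can be confirmed from the bytes sent rather than from the error text. The function name and the sample byte arrays are constructed for illustration, and the ClientHello is assumed to fit in a single TLS record.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* 1 = server_name extension found (host copied to out), 0 = ClientHello has
 * no SNI, -1 = not a well-formed single-record ClientHello. */
int clienthello_sni(const uint8_t *b, size_t n, char *out, size_t outsz)
{
    size_t i, end;
    if (n < 9 || b[0] != 0x16 || b[5] != 0x01) return -1; /* handshake, ClientHello */
    end = 5 + (size_t)rd16(b + 3);                        /* end of the record */
    if (end > n) return -1;
    i = 9 + 2 + 32;                                       /* headers, version, random */
    if (i + 1 > end) return -1;
    i += 1 + (size_t)b[i];                                /* session_id */
    if (i + 2 > end) return -1;
    i += 2 + (size_t)rd16(b + i);                         /* cipher_suites */
    if (i + 1 > end) return -1;
    i += 1 + (size_t)b[i];                                /* compression_methods */
    if (i == end) return 0;                               /* no extensions block */
    if (i + 2 > end || i + 2 + rd16(b + i) > end) return -1;
    end = i + 2 + rd16(b + i);
    for (i += 2; i + 4 <= end; ) {
        unsigned type = rd16(b + i), elen = rd16(b + i + 2), nlen;
        i += 4;
        if (i + elen > end) return -1;
        if (type != 0) { i += elen; continue; }
        /* server_name: list_len(2) name_type(1) name_len(2) host_name */
        if (elen < 5 || b[i + 2] != 0) return -1;
        nlen = rd16(b + i + 3);
        if (5 + nlen > elen || nlen + 1 > outsz) return -1;
        memcpy(out, b + i + 5, nlen);
        out[nlen] = '\0';
        return 1;
    }
    return i == end ? 0 : -1;
}

/* Constructed samples (random zeroed): one without SNI, one with "www.posti.fi". */
#define ZERO32 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
static const uint8_t HELLO_NO_SNI[] = { 0x16,3,1,0,0x2d, 1,0,0,0x29, 3,3, ZERO32,
    0, 0,2,0x13,0x01, 1,0 };
static const uint8_t HELLO_SNI[] = { 0x16,3,1,0,0x44, 1,0,0,0x40, 3,3, ZERO32,
    0, 0,2,0x13,0x01, 1,0, 0,0x15, 0,0,0,0x11, 0,0x0f, 0, 0,0x0c,
    'w','w','w','.','p','o','s','t','i','.','f','i' };
```

A return value of 0 on the bytes a client actually sends means the handshake carries no host name, which is the condition the last two comments identify.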