"SSL handshake failed: Error during SSL handshake: error:0A00010B:SSL routines::wrong version number" QNetworkReply::SslHandshakeFailedError
-
Greetings
I have just recently upgraded from Qt 6.5.1 Qt 6.5.3 and everthing went well, but when i try to make some network requests (using the same code ) in Qt 6.5.3, i keep getting this strange error:
"SSL handshake failed: Error during SSL handshake: error:0A00010B:SSL routines::wrong version number"
I checked for the Openssl version used in Qt 6.5.3 and it got
qDebug()<<" ssl versions "<<QSslSocket::sslLibraryBuildVersionNumber()<<" "<<QSslSocket::sslLibraryBuildVersionString()<<" "<<QSslSocket::sslLibraryVersionString(); // Output ssl versions 805306480 "OpenSSL 3.0.7 1 Nov 2022" "OpenSSL 3.0.11 19 Sep 2023"
This Openssl version was installed as a package in the Qt online installer. And i also tried copying the libssl-3-x64.dll and libcrypto-3-x64.dll files in both my project`s .exe folder and in the QT_INSTALL_DIR/6.5.3/msvc2019_64/bin, and i also tried testing this issue in android and got the same error.
Here is my simple request code
void test() { QNetworkRequest request; QUrlQuery qury; qury.setQuery("https://apis.gowwr.com/1/login?"); qury.addQueryItem("username", "Test User Name"); qury.addQueryItem("password", "111111111"); request.setUrl(qury.query()); auto mReply = gw_network_manager->getNetworkManager()->get(request); if (mReply) { QObject::connect(mReply, &QNetworkReply::finished, [=]() mutable { if (!mReply) return; qDebug()<<"Has error "<<mReply->errorString()<<" "<<mReply->error(); // The above line outputs // Has error "SSL handshake failed: Error during SSL handshake: error:0A00010B:SSL routines::wrong version number" //QNetworkReply::SslHandshakeFailedError if (mReply->error()) { // has error }else{ // has no eror } mReply->deleteLater(); mReply= 0; }); } }
Any ideas on how i can fix this issue
-
Hi @Sheep,
"SSL handshake failed: Error during SSL handshake: error:0A00010B:SSL routines::wrong version number"
I don't believe this error is indicating an issue with your OpenSSL library version/s, but rather an issue with version indicators in the SSL/TLS handshake (ie between your client and server).
I would first bypass your app to check that the server is behaving correctly. Try running something like:
openssl s_client apis.gowwr.com:443
or
curl -v https://apis.gowwr.com/1/login
Actually, I see your server is public, so I just tested it:
$ openssl s_client apis.gowwr.com:443 CONNECTED(00000003) 804BF42D047F0000:error:0A00010B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:354: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 5 bytes and written 316 bytes Verification: OK --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) ---
And Curl:
$ curl -sv https://apis.gowwr.com/1/login * Trying 117.50.108.124:443... * Connected to apis.gowwr.com (117.50.108.124) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * CAfile: /etc/ssl/certs/ca-certificates.crt * CApath: /etc/ssl/certs * TLSv1.0 (OUT), TLS header, Certificate Status (22): * TLSv1.3 (OUT), TLS handshake, Client hello (1): * (5454) (IN), , Unknown (72): * error:0A00010B:SSL routines::wrong version number * Closing connection 0
As you can see, even my local
openssl
andcurl
show that error for the server you're talking to. Do you control / have access to the server?Cheers.
-
@Sheep The site is misconfigured to deliver unprotected HTTP on the HTTPS port. From Wireshark:
... Internet Protocol Version 4, Src: 117.50.108.124, Dst: 192.168.1.6 Transmission Control Protocol, Src Port: 443, Dst Port: 35162, Seq: 1, Ack: 518, Len: 1399 Hypertext Transfer Protocol [Expert Info (Warning/Security): Unencrypted HTTP protocol detected over encrypted port, could indicate a dangerous misconfiguration.] [Unencrypted HTTP protocol detected over encrypted port, could indicate a dangerous misconfiguration.] [Severity level: Warning] [Group: Security] HTTP/1.1 403 Forbidden\n ...
-
@ChrisW67 said in "SSL handshake failed: Error during SSL handshake: error:0A00010B:SSL routines::wrong version number" QNetworkReply::SslHandshakeFailedError:
The site is misconfigured to deliver unprotected HTTP on the HTTPS port
I'm not sure that's quite correct...
$ telnet apis.gowwr.com 443 Trying 117.50.108.124... Connected to api-gateway.bmob.site. Escape character is '^]'. GET / HTTP/1.0 HTTP/1.1 400 Bad Request Server: openresty/1.15.8.1 Date: Wed, 01 Nov 2023 03:22:22 GMT Content-Type: text/html Content-Length: 261 Connection: close <html> <head><title>400 The plain HTTP request was sent to HTTPS port</title></head> <body> <center><h1>400 Bad Request</h1></center> <center>The plain HTTP request was sent to HTTPS port</center> <hr><center>openresty/1.15.8.1</center> </body> </html> Connection closed by foreign host.
Cheers.