grpc: Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.

Failed in this test: https://grpc-testing.appspot.com/job/gRPC_pull_requests_linux/2401/console

stderr:
    E0201 05:36:40.466630118    7952 ssl_transport_security.c:947] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.
    E0201 05:36:40.468019862    7952 ssl_transport_security.c:947] Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.


Unexpected successes: []
Test failure

About this issue

  • State: closed
  • Created 7 years ago
  • Comments: 21 (12 by maintainers)

Most upvoted comments

Hey @nathanielmanistaatgoogle I have a test case.

  • Edited. I think that in my case this is user error. This bug only occurs when I’m trying to connect from an insecure client to a secure port on a server.

I made a branch of https://github.com/grpc to change the route_guide example so that the server adds a secure port using add_secure_port instead of add_insecure_port. You can see the changes here: https://github.com/EchoParkLabs/grpc/commit/5c060584260633235959dfedbcb45992d2aabcc0

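    # Insecure listener from the original route_guide example, disabled:
    #server.add_insecure_port('[::]:50051')
    # Load the PEM-encoded private key and certificate chain.
    with open('server.key') as f:
        private_key = f.read()
    with open('server.crt') as f:
        certificate_chain = f.read()

    # One (private key, certificate chain) pair for the server's TLS identity.
    server_credentials = grpc.ssl_server_credentials(
        ((private_key, certificate_chain,),))

    # Serve on the same port, now TLS-only.
    server.add_secure_port('[::]:50051', server_credentials)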

Then use the following Dockerfile to build the test case: https://gist.github.com/davidraleigh/08acc72495922dc149a86e004f435492

    FROM python:2.7

    RUN pip install grpcio
    RUN pip install grpcio-tools

    WORKDIR /opt

    RUN git clone https://github.com/EchoParkLabs/grpc.git --branch wrong-version-number --depth 1

    WORKDIR /opt/grpc/examples/python/route_guide

    RUN openssl req -nodes -newkey rsa:2048 -x509 -days 365 -keyout server.key -out server.crt -subj "/C=US/ST=California/L=Los Angeles/O=Echo Park Labs/OU=Software/CN=echoparklabs.io"

    CMD python route_guide_server.py

To run the test you’ll need to run the following commands in two terminals. Terminal 1:

    sudo docker build -t test .
    sudo docker run -it --name=wrong-version-c test

Terminal 2:

    sudo docker exec -it wrong-version-c /bin/bash -c 'python route_guide_client.py'

You will see the ‘WRONG_VERSION_NUMBER’ error in terminal 1:

    Handshake failed with fatal error SSL_ERROR_SSL: error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER.

And just for proof that the certificates aren’t the problem, here’s an example of the same exact certificate working with Java:

https://gist.github.com/davidraleigh/9f31f9a2fd27c71a473159d4b911a6e7
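Added example (not part of the original thread or of gRPC's code): a diagnostic that reads a peer's first bytes the way a TLS-only listener would, showing that the cleartext HTTP/2 preface sent by an insecure client decodes to a record header whose version field is not 3.x. The function names are hypothetical, the sample bytes are constructed, and the link to the error text assumes it comes from the record-layer version check.

```python
import struct

# Client connection preface sent first by a cleartext HTTP/2 (insecure gRPC) client.
H2_PREFACE = b"PRI * HTTP/2.0\r\n\r\nSM\r\n\r\n"
TLS_HANDSHAKE = 22                # record content type carrying a ClientHello
MAX_RECORD_LEN = 2 ** 14 + 2048   # upper bound on a TLS 1.2 ciphertext record


def parse_record_header(data):
    """Decode the 5-byte TLS record header: type, (major, minor), length."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes for a TLS record header")
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    return ctype, (major, minor), length


def classify_first_bytes(data):
    """Label a peer's first bytes and report the version a TLS parser would see."""
    ctype, version, length = parse_record_header(data)
    if data.startswith(b"PRI * HTTP/2.0"):
        return "cleartext-http2", version
    if data[:4] in (b"GET ", b"POST", b"HEAD", b"PUT "):
        return "cleartext-http1", version
    if ctype == TLS_HANDSHAKE and version[0] == 3 and length <= MAX_RECORD_LEN:
        return "tls-handshake", version
    return "unknown", version


if __name__ == "__main__":
    # Constructed samples: the real HTTP/2 preface, and a minimal record
    # header (handshake, version 3.1, length 5) followed by filler bytes.
    samples = {
        "insecure gRPC client": H2_PREFACE,
        "TLS client": b"\x16\x03\x01\x00\x05hello",
    }
    for name, first_bytes in samples.items():
        label, (major, minor) = classify_first_bytes(first_bytes)
        print("%-22s -> %-16s record version 0x%02x%02x"
              % (name, label, major, minor))
```

Logging the first five bytes of a connection that fails this way on a secure port separates a plaintext client from a genuine TLS version mismatch.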

This is still happening with C# on 1.7.1.