Does openssl errno 104 mean that SSLv2 is disabled?

I want to check if my server has SSLv2 disabled. I am doing this by attempting to connect remotely with openssl with the following shell command.

openssl s_client -connect HOSTNAME:443 -ssl2

Most literature I could find on the Internet says if I see something similar to the following error then SSLv2 is properly disabled.

29638:error:1407F0E5:SSL routines:SSL2_WRITE:ssl handshake failure:s2_pkt.c:428:

I do get the above error when connecting to my Ubuntu server with SSLv2 disabled in Apache Apache but when I connect to my Windows Server 2008 R2 server with SSLv2 disabled in the registry I get the following output and error.

CONNECTED(00000003)
write:errno=104

I can't find any literature explaining this output and error. If anybody could explain to me if and why this output and error means that SSLv2 is properly disabled, I would appreciate it.

Thanks!

3 Answers

At least on Linux, 104 is ECONNRESET for "Connection reset by peer" – in other words, the connection was forcibly closed with a TCP RST packet, either sent out by the server or spoofed by an intermediary.

I would try Wireshark/tshark on the Ubuntu server to see what actually gets sent. If the RST is real, it could be that the httpd process died – check the log files and dmesg just in case.


The Qualys SSL Server Test website can show all SSL/TLS versions supported by your web server. (Unfortunately, it doesn't even bother with TLS SNI...)

2

There is likely a mismatch between the ciphers that are supported by your server, and those supported by the recipient's server.

1

I had the same error and it was related to interface MTU. Setting the client interface MTU to 1492 (it was 1500), solved this error for me.

1

Your Answer

Sign up or log in

Sign up using Google Sign up using Facebook Sign up using Email and Password

Post as a guest

By clicking “Post Your Answer”, you agree to our terms of service, privacy policy and cookie policy

You Might Also Like