• Guit
  • Member
  • Offline
  • Registered: 2017-09-06
  • Posts: 1

Topic: Error 308 with client on my server

Hi

I am completly new in the ssl world : I am trying to compile wolfssl on raspberry pi, in order to use it with WifiDog.
I had an error with Wifidog, so I decide first to try to contact my server with the client app (in ./example/client)

I have followed some explanation on the forum, and I compile wolfssl with this parameters :

./configure --enable-opensslextra --enable-ecc --enable-supportedcurves --enable-debug --enable-psk --enable-aesccm --enable-debug --enable-aesgcm C_EXTRA_FLAGS="-DWOLFSSL_STATIC_RSA"

When I run 

./examples/client/client -h yahoo.com -p 443 -d -g

it seems to work

But when I do it on my server I have this error :

connect state: CLIENT_HELLO_SENT
Embed receive connection closed
wolfSSL error occurred, error = 308 line:8672 file:src/ssl.c
wolfSSL Entering SSL_get_error
wolfSSL Leaving SSL_get_error, return -308
wolfSSL Entering ERR_error_string
wolfSSL_connect error -308, error state on socket
wolfSSL Entering SSL_free

I have run nmap on my server and I have this result :

PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers: 
|   TLSv1.0: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors: 
|       NULL
|     cipher preference: server
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.1: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors: 
|       NULL
|     cipher preference: server
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|   TLSv1.2: 
|     ciphers: 
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
|       TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
|       TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
|     compressors: 
|       NULL
|     cipher preference: server
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack
|_  least strength: C

I am trying to make it works since hours, but no success, some help would be very welcome

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: Error 308 with client on my server

Hi Guit,

You said you are trying to run this command on your server. The error that is occurring is a socket bind error. This means there is another service already using the port you are attempting to assign to your client OR those ports are disabled for security purposes.

Could you start up wireshark and execute the client as done above and check which port is being selected as the "Source Port" on the client side?

See screen shot for example:

Warm Regards,

Kaleb

Post's attachments

Screen Shot 2017-09-18 at 08.55.40.png
Screen Shot 2017-09-18 at 08.55.40.png 498.87 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.

Kaleb J. Himes's Website

Share

  • From: Bozeman
  • Registered: 2014-05-09
  • Posts: 777

Re: Error 308 with client on my server

Hi Guit,

While we wait to hear back from you on the port number could you tell us a little more about the project you are working on and the need your solution will address? Is this a new project or an update to an old project?

If we can better understand your use-case and end goals we can likely point to the best source of documentation to assist you in getting up and running more smoothly!

Warm Regards,

Kaleb

Kaleb J. Himes's Website

Share