XCOM SSL loopback "SSL3_GET_RECORD:wrong version number"
search cancel

XCOM SSL loopback "SSL3_GET_RECORD:wrong version number"


Article ID: 247353


Updated On:


XCOM Data Transport XCOM Data Transport - Linux PC XCOM Data Transport - Windows XCOM Data Transport - z/OS


Attempting to configure SSL for "CA XCOM Data Transport r11.6 14080 SP00 64bit" on AIX and encountering the following error in the xcom.log from a loopback test.
The configssl.cnf file has SSL_METHOD parameters set to v3, as only SSL v3 and TLS v1.0 are supported by the above XCOM version.

XCOMU0780E Txpi  308: TxpiInitSSL Failed msg = <error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number> value = 4294967295:

Additional messages:
#XCOMU0297E Error requesting header confirmation: Txpi  227: Socket received 0 bytes: partner closed socket. Last error: 0
#XCOMU0298E Unable to allocate remote transaction program: Txpi  215: Socket send error return value = 9


Release : 11.6

Component : XCOM Data Transport for AIX


The SSL_METHOD parameter setting is actually unrelated to the root cause of the problem..
The loopback test configuration file contained the parameter "PORT=8045" to connect to the correct SSL port but did not contain parameter "SECURE_SOCKET=YES".
The parameter SECURE_SOCKET defaults to NO and is required to be set to YES when executing a transfer which uses an SSL port/socket.
Using "PORT=8045" with "SECURE_SOCKET=YES" resolved the problem.

Additional Information

1. The same "SSL3_GET_RECORD:wrong version number" error will also be encountered when inadvertently using the incorrect combination of unsecure port "PORT=8044" with "SECURE_SOCKET=YES".

2. If using current version r11.6 SP01 with "SECURE_SOCKET=YES" not set the error will be different when using SSL_METHOD parameter value of all. See related KB article: XCOM loopback "SSL23_GET_CLIENT_HELLO:unknown protocol"

XCOM for Unix r11.6 14080 SP00 64bit is a relatively old release and 14080 is only 3 patch levels higher than SP00 GA. Also SP00 has been superseded by SP01.
Therefore support would strongly advise considering an upgrade to r11.6 SP01 and also installing its latest patch to be at the latest maintenance level. SP01 will also provide TLS v1.2 support.
More details here:
XCOM Data Transport for UNIX/Linux 11.6.1 > Installing > Install Using ISO Conventional Method > Upgrade Using ISO Conventional Method
XCOM Data Transport for UNIX/Linux 11.6.1 > Release Notes > Enhanced Features > Service Pack 11.6.01