OpenSSL connection: alert internal error

清酒与你 2021-01-05 15:54

I have 100 HTTPS services running on a single server using SNI. (Actually, I don't have access to them. It's an assignment. All I know are their domain names N.xxx.y

1 answer
  • 2021-01-05 16:31

    Since you wrote that -tls1_2 does not work, I assume that you and/or the server use an older OpenSSL library. The current version at the time of writing is 1.1.0e.

    There have been quite a few fixes since 0.9.8, which can often be seen on older systems.

    For version 1.0.1 there was this fix, which sounds like your problem:

     `Some servers which support TLS 1.0 can choke if we initially indicate
     support for TLS 1.2 and later renegotiate using TLS 1.0 in the RSA
     encrypted premaster secret. As a workaround use the maximum permitted
     client version in client hello, this should keep such servers happy
     and still work with previous versions of OpenSSL.`
    

    Maybe also notable:

    Don't allow TLS 1.2 SHA-256 ciphersuites in TLS 1.0, 1.1 connections.

    So I would suggest updating your OpenSSL version, and in the case of the servers outside your control I would stick to the settings you already found.
