Use the <b class="cmd">tls::protocols</b> command to obtain the supported
protocol versions.</p>
</div>
<div id="section9" class="doctools_section"><h2><a name="section9">Error Messages</a></h2>
<p>Some OpsnSSl error messages have cryptic meanings. This is a list of messages
along with their true meaning.</p>
<dl class="doctools_definitions">
<dt><i class="arg">handshake failed: certificate verify failed due to &quot;unable to get local issuer certificate&quot;</i></dt>
<dd><p>The certificates in the CA file or certificate store either do not have one or
more issuers of the certificates you are validating or they have expired.
Usually this means you need an updated CAcert file.</p></dd>
<dt><i class="arg">packet length too long</i></dt>
<dd><p>Client has tried to connect to a HTTP server on the plain-text port instead of
the SSL/TLS port.</p></dd>
<dt><i class="arg">unexpected eof while reading</i></dt>
<dd><p>The peer has closed the connection without sending the &quot;close notify&quot; shutdown
alert. Some servers will terminate the connection after the file or webpage has
been sent without sending the &quot;close notify&quot; message. In this case, it should
not result in a loss of data.</p></dd>
<dt><i class="arg">wrong version number</i></dt>
<dd><p>Client has tried to connect to a non-HTTP server on a non-TLS (i.e. plain text) port.</p></dd>
</dl>
</div>
<div id="see-also" class="doctools_section"><h2><a name="see-also">See Also</a></h2>
<p><a href="https://www.openssl.org/">OpenSSL</a>, http, socket</p>
</div>

[section "Error Messages"]

Some OpsnSSl error messages have cryptic meanings. This is a list of messages
along with their true meaning.

[list_begin definitions]

[def [arg "handshake failed: certificate verify failed due to \"unable to get local issuer certificate\""]]
The certificates in the CA file or certificate store either do not have one or
more issuers of the certificates you are validating or they have expired.
Usually this means you need an updated CAcert file.

[def [arg "packet length too long"]]
Client has tried to connect to a HTTP server on the plain-text port instead of
the SSL/TLS port.

[def [arg "unexpected eof while reading"]]
The peer has closed the connection without sending the "close notify" shutdown
alert. Some servers will terminate the connection after the file or webpage has
been sent without sending the "close notify" message. In this case, it should
not result in a loss of data.

[def [arg "wrong version number"]]
Client has tried to connect to a non-HTTP server on a non-TLS (i.e. plain text) port.

[list_end]

[manpage_end]

older protocol versions, add or remove ciphers, change default values, etc\&.
Use the \fBtls::protocols\fR command to obtain the supported
protocol versions\&.
.SH "ERROR MESSAGES"
Some OpsnSSl error messages have cryptic meanings\&. This is a list of messages
along with their true meaning\&.
.TP
\fIhandshake failed: certificate verify failed due to "unable to get local issuer certificate"\fR
The certificates in the CA file or certificate store either do not have one or
more issuers of the certificates you are validating or they have expired\&.
Usually this means you need an updated CAcert file\&.
.TP
\fIpacket length too long\fR
Client has tried to connect to a HTTP server on the plain-text port instead of
the SSL/TLS port\&.
.TP
\fIunexpected eof while reading\fR
The peer has closed the connection without sending the "close notify" shutdown
alert\&. Some servers will terminate the connection after the file or webpage has
been sent without sending the "close notify" message\&. In this case, it should
not result in a loss of data\&.
.TP
\fIwrong version number\fR
Client has tried to connect to a non-HTTP server on a non-TLS (i\&.e\&. plain text) port\&.
.PP
.SH "SEE ALSO"
\fIOpenSSL\fR [https://www\&.openssl\&.org/], http, socket
.SH KEYWORDS