On Tue, Apr 02, 2002 at 02:34:00PM -0600, Kevin Regan wrote:
>
> I've run into the handshake problem with OpenSSL and Java JSSE. If I change
> the method used to create the SSL context from TLSv1_server_method to
> SSLv23_server_method, the problem is fixed.
>
> However, I'd like to know what the problem actually is and if this
> incompatibility will ever be fixed? Also, who is doing the correct thing
> here, JSSE or OpenSSL?
I have not worked with JSSE, so I will give you a more general comment:
strictly spoken, only TLSv1 has the "official blessing" of having become
an RFC. All standards describing "... over TLS" protocols officially would
therefore only apply to TLSv1. In practice nearly everything is implemented
to also support SSLv2 and SSLv3, in fact e.g. Netscape 4.x does only
support these protocols and does not support TLSv1. The same holds for
a lot of servers, therefore most clients send a SSLv2 client hello
(in violation of the TLSv1 standard, but with a much better compatibility :-)
Consequently: only supporting TLSv1 would adhere to the standard, but
with respect to interoperability, also supporting at least older hello
messages is recommended.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
