Re: [openssl.org #1527] bug report - interop between TLS 1.1 and TLS 1.0 is not working

Wed, 23 May 2007 09:15:33 -0700 

Hi,
There are quite a few known issues with TLS 1.0/SSL v3 servers and TLS 1.1 and/or TLS Extensions. 


I've documented these problems in an IETF draft,  
draft-ietf-tls-interoperability-00.txt, which has now expired.



A copy of the most recent draft is available via my archive link in <URL:  
http://my.opera.com/yngve/blog/2006/10/16/more-about-tls-interoperability >



More background is available from my first announcement article <URL:  
http://my.opera.com/yngve/blog/show.dml/319177 >



The only way to handle this is to try a connection using the TLS features  
and fall back if it fails. Opera 9 does this by testing TLS 1.0 then  
working up to TLS 1.1 and TLS Extensions in small steps.



On Wed, 23 May 2007 17:50:54 +0200, Ilya Kudryashov via RT  
<[EMAIL PROTECTED]> wrote:



Hi All,


We have some interop issue between TLS 1.0 and TLS 1.1. Our application  
is
based on OpenSSL 0.9.7 version (Linux - Operation system). This is  
Radvision

SIP stack and oSIP stack.

It doesn't work with one of two possible scenarios:
        1)      Client sends hello request to server where indicates that

the latest supported version it is TLS 1.1. Server accepts this request  
but
doesn't send back to client server hello request where should indicate  
the

latest supported version for him TLS 1.0. After that the connection is
dropped. (In correct behavior, server should send back to client server
hello request with TLS 1.0 and after that client should re-send hello
request but already using TLS 1.0).
        2)      The second scenario works properly. Client sends hello
request with TLS 1.0 to server which already supports TLS 1.1. Server
accepts client request and answers by server request with TLS 1.0.
Do you know such issue? Does the latest version of OpenSSL have the fix
which solves issue?

Thanks,
Ilya Kudryashov






--
Sincerely,
Yngve N. Pettersen

********************************************************************
Senior Developer                             Email: [EMAIL PROTECTED]
Opera Software ASA                   http://www.opera.com/
Phone:  +47 24 16 42 60              Fax:    +47 24 16 40 01
********************************************************************
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [EMAIL PROTECTED]






















					Reply via email to