if both the server and client are at openssl 9.8j, should i have to use this changes
ifndef OPENSSL_NO_TLSEXT SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET); #endif Should i have to use this at the client side or server side if openssl version are different in server and client. On 5/27/09, Brad House <[email protected]> wrote: >> I have been using libjingle (http://code.google.com/p/libjingle/) with >> openssl on linux. I recently upgraded my openssl from 0.9.8g to 0.9.8j, >> and suddenly my TLS negotiation stopped working. I reverted back to >> 0.9.8g, and it started working again. >> >> Is there a particular change that might be causing this? >> >> I see a Client Hello A packet, then a read error, and then there is no >> further reads on the 0.9.8j, whereas with the 0.9.8g there are further >> reads, and the TLS handshake completes. >> >> To verify, you can download the code from >> http://code.google.com/p/libjingle/, and then configure/make it. After >> make, you can go to libjingle-0.4.0/talk/examples/pcp, and run ./pcp. >> There you can put in your googletalk username/password to login. With >> 0.9.8g it will login, but with 0.9.8j it will just hang at logging in >> (in the tls handshake). Any help is appreciated. > > I've run into this same issue before in my own products. It is due to a > bug on the server side. Most likely the server is running an older version > of OpenSSL not being able to handle tls extensions in the protocol stream. > One such extension, TLS Tickets, are enabled by default in later versions > of 0.9.8. > > To correct this issue you need to disable ticket support on the client > side at runtime. You can use something like this to do that: > #ifndef OPENSSL_NO_TLSEXT > SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET); > #endif > > -Brad > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [email protected] > -- Regards Joshi Chandran ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
