Dear OpenSSL support,

I investigated the following web servers.
But all of them failed with the same error.

1) apache-tomcat-6.0.26 + bcprov-ext-jdk16-145 + jdk1.6.0_17 (CentOS 5)
2) jboss-4.2.3.GA + bcprov-jdk15 + jdk1.6.0_17 (CentOS 5)
3) IIS 7 (Windows 7)

On the other hand, many browsers except for Opera successfully connect to
the servers.
Is something wrong?

Regards,
Koichi Sugimoto.

2010/4/20 Jack Lloyd via RT <r...@openssl.org>

>
> RFC 4492 says:
>
>   A client that receives a ServerHello message containing a Supported
>   Point Formats Extension MUST respect the server's choice of point
>   formats during the handshake (cf. Sections 5.6 and 5.7).  If no
>   Supported Point Formats Extension is received with the ServerHello,
>   this is equivalent to an extension allowing only the uncompressed
>   point format.
>
> OpenSSL 1.0.0 rejects such a negotiation, always requiring the
> extension to exist in the ServerHello:
>
> CONNECTED(00000003)
> >>> TLS 1.0 Handshake [length 00cd], ClientHello
>    01 00 00 c9 03 01 4b cc f2 87 fc 1d 05 2d 0c 1f
>    4a 74 8b 8c 6f 20 c3 56 fb 35 4a 73 b0 9c e0 c1
>    6f 34 1b 10 f9 9f 00 00 5c c0 14 c0 0a 00 39 00
>    38 00 88 00 87 c0 0f c0 05 00 35 00 84 c0 12 c0
>    08 00 16 00 13 c0 0d c0 03 00 0a c0 13 c0 09 00
>    33 00 32 00 9a 00 99 00 45 00 44 c0 0e c0 04 00
>    2f 00 96 00 41 00 07 c0 11 c0 07 c0 0c c0 02 00
>    05 00 04 00 15 00 12 00 09 00 14 00 11 00 08 00
>    06 00 03 00 ff 01 00 00 44 00 0b 00 04 03 00 01
>    02 00 0a 00 34 00 32 00 01 00 02 00 03 00 04 00
>    05 00 06 00 07 00 08 00 09 00 0a 00 0b 00 0c 00
>    0d 00 0e 00 0f 00 10 00 11 00 12 00 13 00 14 00
>    15 00 16 00 17 00 18 00 19 00 23 00 00
> <<< TLS 1.0 Handshake [length 002a], ServerHello
>    02 00 00 26 03 01 20 3f 72 c5 29 9f 22 b1 a6 af
>    4b 81 31 eb 4c 85 bf bb 3a a5 8b b8 21 86 16 c5
>    7c 84 5c 73 4a 4a 00 c0 08 00
> 139742562498200:error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list:t1_lib.c:1440:
> 139742562498200:error:14092113:SSL routines:SSL3_GET_SERVER_HELLO:serverhello tlsext:s3_clnt.c:942:
>
> OpenSSL 1.0.0 29 Mar 2010
> built on: Mon Apr 19 19:52:35 EDT 2010
> platform: linux-x86_64
> options:  bn(64,64) rc4(1x,char) des(idx,cisc,16,int) idea(int) blowfish(idx)
> compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DWHIRLPOOL_ASM
> OPENSSLDIR: "/usr/local/ssl"
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
>
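
Added example, not part of the original thread and not OpenSSL code: a small Python parser run over the ServerHello bytes from the trace quoted above. It shows that the message ends right after the compression method (no extensions block) and applies the RFC 4492 default of "uncompressed only". Function and constant names are hypothetical.

```python
import struct

# ServerHello handshake message, copied from the s_client trace quoted above.
SERVER_HELLO = bytes.fromhex(
    "02 00 00 26 03 01 20 3f 72 c5 29 9f 22 b1 a6 af"
    "4b 81 31 eb 4c 85 bf bb 3a a5 8b b8 21 86 16 c5"
    "7c 84 5c 73 4a 4a 00 c0 08 00"
)
EXT_EC_POINT_FORMATS = 11   # extension type 0x000b (RFC 4492)
UNCOMPRESSED = 0            # ECPointFormat value for uncompressed points

def parse_server_hello(msg):
    """Return (cipher_suite, {extension_type: extension_data})."""
    if msg[0] != 2 or int.from_bytes(msg[1:4], "big") != len(msg) - 4:
        raise ValueError("not a complete ServerHello handshake message")
    body = msg[4:]
    pos = 2 + 32                          # skip server_version and random
    pos += 1 + body[pos]                  # session_id length byte + session_id
    cipher = int.from_bytes(body[pos:pos + 2], "big")
    pos += 2 + 1                          # cipher_suite + compression_method
    exts = {}
    if pos < len(body):                   # the extensions block is optional
        end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        if end != len(body):
            raise ValueError("extensions length does not match message")
        while pos < end:
            if end - pos < 4:
                raise ValueError("truncated extension header")
            etype, elen = struct.unpack_from(">HH", body, pos)
            pos += 4
            if pos + elen > end:
                raise ValueError("truncated extension data")
            exts[etype] = body[pos:pos + elen]
            pos += elen
    return cipher, exts

def server_point_formats(exts):
    """RFC 4492: a missing extension is equivalent to 'uncompressed only'."""
    data = exts.get(EXT_EC_POINT_FORMATS)
    if data is None:
        return [UNCOMPRESSED]
    if len(data) < 2 or data[0] != len(data) - 1:
        raise ValueError("malformed ec_point_formats extension")
    return list(data[1:])

if __name__ == "__main__":
    cipher, exts = parse_server_hello(SERVER_HELLO)
    print(hex(cipher), exts, server_point_formats(exts))
```

For the captured message this yields cipher suite 0xc008 (an ECDHE-ECDSA suite), an empty extension map, and an effective point-format list containing only the uncompressed format.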
