Hello,

On 13 November 2010 03:33, Dr. Stephen Henson <[email protected]> wrote:
>
> I've just tried 1.0.1 and it does have a problem with GOST and TLS v1.1 which
> is the default for OpenSSL 1.0.1. If you include -no_tls1_1 in the command
> line it should work or if you try a recent 1.0.0 snapshot (OpenSSL 1.0.0
> doesn't support TLS v1.1).
>
> I'll look into the TLS v1.1 issue.
>
> Steve.

Sorry to confuse you - I've mixed up versions and snapshot filenames.

I just re-checked these snapshots of 1.0.0
ftp://ftp.openssl.org/snapshot/openssl-1.0.0-stable-SNAP-20101112.tar.gz
and 1.0.1
ftp://ftp.openssl.org/snapshot/openssl-1.0.1-stable-SNAP-20101112.tar.gz

I disabled TLS in there:
./config no-tls

I added the "-ssl3" parameter to the s_server and s_client commands.
./apps/openssl s_server -ssl3 -www -engine gost -accept 4333 -state -cert botcert.pem -key botkey.p8
./apps/openssl s_client -ssl3 -engine gost -connect localhost:4333

And both of these versions are not working in the same way.

s_server
=================
SSL3 alert write:fatal:bad record mac
SSL_accept:error in SSLv3 read certificate verify A
3076736652:error:1411D144:SSL routines:ssl3_handshake_mac:digest requred for handshake isn't computed:s3_enc.c:668:
=================

s_client
=================
verify return:1
3076413068:error:1411D144:SSL routines:ssl3_handshake_mac:digest requred for handshake isn't computed:s3_enc.c:668:
=================

So, the problem is not in TLS1.1.

BTW: 1.0.1 s_server doesn't accept the -no_tls1_1 option, while it has it in the help option list. s_client does accept this option.

WBR,
Andrey
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
