On 14 November 2010 06:10, Dr. Stephen Henson <[email protected]> wrote: > On Sat, Nov 13, 2010, Andrey Kulikov wrote: > >> >> Sorry to confuse you - I've mixed up versions and snapshot filenames. >> I just re-check these snapshots of 1.0.0 >> ftp://ftp.openssl.org/snapshot/openssl-1.0.0-stable-SNAP-20101112.tar.gz >> and 1.0.1 >> ftp://ftp.openssl.org/snapshot/openssl-1.0.1-stable-SNAP-20101112.tar.gz >> >> I disable TSL in there: >> ./config no-tls >> >> I add "-ssl3" parameter to s_server and s_client commands. >> >> ./apps/openssl s_server -ssl3 -www -engine gost -accept 4333 -state >> -cert botcert.pem -key botkey.p8 >> ./apps/openssl s_client -ssl3 -engine gost -connect localhost:4333 >> >> And both of these versions are not working in the same way. >> > > Sorry I missed the -ssl3 command option in your other messages. The GOST > ciphersuites don't work with SSLv3 but OpenSSL shouldn't be giving that error > message: it should just disable GOST ciphersuites if SSLv3 is negotiated. > > Steve.
Thanks for information! When I specify -tls1 option both to s_server and s_client, everything become work fine, even with 1.0.0a. But, dear Guru, would you like be so kind to enlighten us, ignorami, why GOST ciphersuites don't work with SSLv3? Is it a OpenSSL feature, or it's according to some standard? Or there is any other reasons? -- Andrey. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
