Hi Stephen I will try to test with the client and get back to you. This is in an internal lab so it is not reachable. I can provide packet sniff along with the certs /keys if that would be useful?
Sent from my mobile On Feb 5, 2012, at 8:21 AM, "Stephen Henson via RT" <r...@openssl.org> wrote: >> [stkap...@cisco.com - Sat Feb 04 21:00:23 2012]: >> >> Setup: >> Client: Curl/libcurl 7.21.7 OpenSSL 1.0.1 on powerpc linux >> Server: Win2008 R2 IIS 7. Virtual directory with Client Authentication >> set to Accept or Require >> Local network, IPV4 addressing >> I do not have the specific build of openssl 1.0.1 yet, will get that >> from the other dev. >> >> Symptom: openssl starts with TLS v1.2, gets TLS v1.0 back from IIS, and >> client authentication fails with bad_record_mac . If TLS v1.0 is >> forced in curl, TLS v1.0 is used in the initial CLIENT HELLO and the >> full connection handshakes successfully. >> > > Does the OpenSSL s_client utility also exhibit this behaviour? If so can > you send me a URL I can test this againts? > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org