>> Results using prexit are attached.
>> OpenSSL v1.0.1 beta 2 compiled on
>> powerpc/linux
>> Vs
>> Win2008 R2 64bit IIS7 set to require client auth
>> Command issued:
>> openssl s_client -connect stk-tms.a51.lab:443 -cert
>> /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -prexit -state
>> Output attached
>>
> 
> I've developed this workaround:
> 
> http://cvs.openssl.org/chngview?cn=22087
> 
> It seems OK on my test server. Let me know of any problems.

It's probably appropriate to clarify for public reference that you
managed to trace the problem down to the "client_version" field in the RSA
premaster secret. Quoting RFC 2246, 7.4.7.1, "RSA encrypted premaster
secret message":

"client_version
           The latest (newest) version supported by the client. This is
           used to detect version roll-back attacks. Upon receiving the
           premaster secret, the server should check that this value
           matches the value transmitted by the client in the client
           hello message."

The formulation arguably leaves room for interpretation as to whether "hello
message" refers to the initial one or the last one from renegotiation. I mean, I
can imagine it being interpreted as the "last" one, in which case [provided
that "matches" means "equality"] it should fail. Maybe using a TLS 1.2
hello even in renegotiation would be more fool-proof...


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
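
Added example, not part of the original message and not OpenSSL's code: a sketch of the server-side client_version check from RFC 2246, 7.4.7.1, showing how the two readings of "hello message" discussed above give different results under strict equality. The struct, function names and version values are assumptions constructed for illustration, not values from the attached trace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PMS_LEN 48 /* RSA premaster secret: 2 version bytes + 46 random bytes */

/* Which ClientHello the server uses as reference (the ambiguity in the RFC text). */
enum hello_ref { REF_INITIAL_HELLO, REF_LAST_HELLO };

/* Hypothetical per-connection state; field names are assumptions. */
struct conn_state {
    uint16_t initial_hello_version; /* client_version of the first ClientHello */
    uint16_t last_hello_version;    /* client_version of the most recent ClientHello */
};

/* Returns 1 if the decrypted premaster secret's client_version equals the
 * chosen reference hello version, 0 on mismatch, -1 on a malformed input. */
int pms_version_ok(const uint8_t *pms, size_t len,
                   const struct conn_state *c, enum hello_ref ref)
{
    if (pms == NULL || c == NULL || len != PMS_LEN)
        return -1;
    uint16_t pms_version = (uint16_t)((pms[0] << 8) | pms[1]);
    uint16_t expected = (ref == REF_INITIAL_HELLO) ? c->initial_hello_version
                                                   : c->last_hello_version;
    return pms_version == expected; /* "matches" read as strict equality */
}

/* Constructed scenario: first hello offers TLS 1.2 (0x0303), the renegotiation
 * hello offers TLS 1.0 (0x0301), and the premaster secret carries 0x0303. */
int demo(enum hello_ref ref)
{
    struct conn_state c = { 0x0303, 0x0301 };
    uint8_t pms[PMS_LEN] = { 0x03, 0x03 }; /* remaining bytes are random in practice */
    return pms_version_ok(pms, sizeof pms, &c, ref);
}

int main(void)
{
    printf("reference = initial hello: %d\n", demo(REF_INITIAL_HELLO));
    printf("reference = last hello:    %d\n", demo(REF_LAST_HELLO));
    return 0;
}
```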
