I have verified with a new build that I was able to connect WITHOUT forcing the 
TLS version.  So the changes worked in my tests.



Thanks for the quick turnaround!



-Steve



-----Original Message-----

From: Stephen Henson via RT [mailto:r...@openssl.org] 

Sent: Thursday, February 09, 2012 10:47 AM

To: Steve Kapinos (stkapino)

Cc: openssl-dev@openssl.org

Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client 
authentication 



> [stkap...@cisco.com - Wed Feb 08 00:12:25 2012]:

> 

> Results using prexit are attached.

> Openssl v1.0.1 beta 2 compiled on

> powerppc/linux

> Vs

> Win2008 R2 64bit IIS7 set to require client auth Command issued:

> openssl s_client -connect stk-tms.a51.lab:443 -cert 

> /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -prexit -state 

> Output attached

> 



I've developed this workaround:



http://cvs.openssl.org/chngview?cn=22087



It seems OK on my test server. Let me know of any problems.



Steve.

--

Dr Stephen N. Henson. OpenSSL project core developer.

Commercial tech support now available see: http://www.openssl.org



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to