I have verified with a new build that I was able to connect WITHOUT forcing the TLS version. So the changes worked in my tests.
Thanks for the quick turnaround! -Steve -----Original Message----- From: Stephen Henson via RT [mailto:r...@openssl.org] Sent: Thursday, February 09, 2012 10:47 AM To: Steve Kapinos (stkapino) Cc: openssl-dev@openssl.org Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client authentication > [stkap...@cisco.com - Wed Feb 08 00:12:25 2012]: > > Results using prexit are attached. > Openssl v1.0.1 beta 2 compiled on > powerppc/linux > Vs > Win2008 R2 64bit IIS7 set to require client auth Command issued: > openssl s_client -connect stk-tms.a51.lab:443 -cert > /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -prexit -state > Output attached > I've developed this workaround: http://cvs.openssl.org/chngview?cn=22087 It seems OK on my test server. Let me know of any problems. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org
