On Sat, Mar 17, 2012 at 09:13:51PM +0100, Nikos Mavrogiannopoulos via RT wrote:
> On 03/17/2012 09:03 PM, Stephen Henson via RT wrote:
>
> >> [n...@gnutls.org - Sat Mar 17 16:08:24 2012]:
> >>
> >>
> >> I captured the handshake (attached), and it seems the client
> >> advertises TLS 1.2. Could it be that the fallback is on the lowest
> >> supported version rather than the next available?
> >>
> >
> > That's strange. I tried OpenSSL 1.0.0h server (which supports up to
> > TLS 1.0) against OpenSSL 1.0.1 client (which also supports TLS 1.1
> > and 1.2) and it ends up negotiating TLS v1.0 which is what I'd
> > expect. I'll see what that handshake capture reveals.
>
>
> Indeed interesting. I downloaded 1.0.0h from source and I saw the behavior
> you describe. The issue is triggered on the version 1.0.0h as
> distributed by Debian.

The only thing I can think of why it would behave differently is that
we configured it with no-ssl2. The full options we call Configure
with are:
no-idea no-mdc2 no-rc5 zlib enable-tlsext no-ssl2

I think the zlib option might also cause some behaviour changes.


Kurt