> [steve - Sun Mar 25 13:11:30 2012]: > > I've done some more tests and it seems that the size of the client hello > message is significant: all the options that work reduce the size of > client hello. If you use the -debug option and check out the first > message bytes 4 and 5 it seems those servers hang if the length exceeds > 0xFF (using two bytes instead of one). >
If you use the option "-servername <very long string>" you can precisely control the size of the client hello. If you use that to make client hello long enough you get the hang with OpenSSL 1.0.0h and earlier as well. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org