On Sun, Apr 01, 2012, Dr. Stephen Henson wrote: > > Did a quick hack modification setting header version to 0x3,0x0 and it now > *will* connect to some sites it didn't before with a long client hello > including paypal. It ends up negotiating TLS 1.2 anyway. > > I'll do some more tests to see what happens. >
SSLv3 or TLSv1 version in record header connects, anything higher hangs. So I'd say we set it to TLSv1 in header unless we only support SSLv3. That should retain compatibility with older versions of OpenSSL. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
