On Tue, Jun 18, 2013 at 05:25:06PM -0400, Dave Thompson wrote:
> > My conclussions:
> > - One of the 2 sides doesn't implement
> > DES-CBC-SHA/DES-CBC3-SHA properly
>
> ... I think you're right and I suspect the other side because
> openssl interoperates with lots of folks -- unless there's
> something badly off in your build of openssl. Can you
> connect with DES-CBC3-SHA to usual suspects like google?
With google I get:
Protocol : TLSv1.2
Cipher : DES-CBC3-SHA
(Or by default)
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Both of course work as expected.
> I think commandline nowadays picks up engines from openssl.cnf
> even if you don't explicitly ask -- do you have any configured?
There are no engines configured.
> If you didn't build from source, can you try that?
Enable engines? Which ones?
PS: Are you unable to reproduce this? I can reproduce this with
various sites including things like smtp.live.com.
Kurt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
