I see this fix will be in 1.0.1q. Do you know when 1.0.1q will be released?
Ian -----Original Message----- From: openssl-dev [mailto:[email protected]] On Behalf Of Matt Caswell Sent: Wednesday, August 05, 2015 8:40 AM To: [email protected] Subject: Re: [openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method On 04/08/15 22:03, Ian McFadries (imcfadri) wrote: > Sorry for the delayed response, I was away for a week and was able to test > the fix today. > > The fix did resolve the session ticket issue that I was encountering. > However, now I get an error when I am not using the session tickets under the > following conditions. I am continuing to investigate. > > Create an SSL Session using the context that negotiates the highest > available version Client hello requests TLS 1.2 Server responds with > server hello using TLS 1.0 Complete handshake with no problems > Disconnect session Start new session which attempts a fast session > resumption Client sends Alert 70 (SSL_AD_PROTOCOLVERSION) because SSL > struct version contains version 0x303 but message after first message > contains version 0x301 Oh. Try this additional patch. By moving the session creation earlier in the process the session protocol version gets fixed at that earlier point. Unfortunately we have moved it to a point *before* version negotiation has completed. This patch just updates the session version once version negotiation is finished. Matt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
