On Sat Apr 30 21:23:30 2016, hen...@newdawn.dk wrote: > Since this is a MS IIS 7.0 server I would argue that it'd be in the > interest of openssl to handle the situation rather than accept this > scenario - since IIS is likely powering more than a few hosts? It is > possible to have the host correctly list its supported protocols using > nmap - i'd assume the TLS1.2 attempt can be avoided altogether ( > without knowing any implementation details or if tht adds overhead > though ) ? >
As others have indicated this is a known bug with a load balancer and not IIS. As well as the solutions suggested you can try the -bugs option to s_client which pads client hellos to workaround this issue. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4524 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
