I'm trying to write a server (using OpenSSL) that doesn't use
patented algorithms, which means I have to restrict my server to
TLSv1 or SSLv3 (right?), so I would like to use TLSv1 only, but
then a "default" client (SSL23_method) does not talk to my server.

Is there a description of which versions of TLS and SSL should be able
to "talk" with each other? Here is my table of testing with openssl
s_server/s_client; please let me know whether this is expected
behaviour, and how I can solve my problem with "normal" clients.

        server  tls1    ssl3    ssl2    no_tls1 no_ssl3 no_ssl2 default
client
tls1            +       -1      -2      -1      +       +       +
ssl3            -3      +       -2      +       -4      +       +
ssl2            -5      -5      +       +       +       -4      +
no_tls1         -6      -7      +       +       +       +       +
no_ssl3         -6      -6      +       -8      +       +       +
no_ssl2         -9      -9      -8      +       +       +       +
default         -9      -9      +       +       +       +       +

Explanation: +: works, -: fails, the number refers to the list
below, where the first line is the error from the server, the second
from the client.

1)
78251:1409442E:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:956:SSL alert number 70
78252:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:279:


2)
78253:1407D0AF:SSL2_READ:non sslv2 initial packet:s2_pkt.c:136:
78254:1409E0E5:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:490:

3)
78266:14094410:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:956:SSL alert number 40
78267:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:279:

4)
78277:140760FC:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:557:
78278:1409E0E5:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:490:

5)
78281:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:290:
78282:1407F0E5:SSL2_WRITE:ssl handshake failure:s2_pkt.c:367:

6)
78298:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:290:
78299:140790E5:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:

7)
78300:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:290:
78301:140790E5:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:

8)
server: doesn't show error... just ERROR
78587:14077102:SSL23_GET_SERVER_HELLO:unsupported protocol:s23_clnt.c:423:

9)
78592:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:290:
78593:140790E5:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:

PS: I removed the string ":SSL routines:error" from all error lines.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
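
An added example, not part of the original post: a small decoder for the error lines listed above, which unpacks the 8-digit hex code and tells a locally raised error apart from an alert received from the peer. It assumes the classic OpenSSL error packing (8 bits library, 12 bits function, 12 bits reason, with reasons of 1000 and above meaning a received alert); the names decode and rejecting_side are hypothetical, and the pairing rule is a heuristic.

```python
import re

# Line shape as posted (":SSL routines:error" already stripped by the poster):
#   pid:HEXCODE:FUNCTION:reason text:file.c:line:[extra data]
LINE_RE = re.compile(
    r"^(\d+):([0-9A-Fa-f]{8}):([A-Z0-9_]+):([^:]+):([\w.]+):(\d+):(.*)$")

ALERT_OFFSET = 1000  # assumption: reason >= 1000 encodes "peer sent alert N"
ALERT_NAMES = {40: "handshake_failure", 70: "protocol_version"}  # TLS alerts

# Entry 1 from the post (server line, then client line), wrapped line rejoined.
SERVER_1 = ("78251:1409442E:SSL3_READ_BYTES:tlsv1 alert protocol version:"
            "s3_pkt.c:956:SSL alert number 70")
CLIENT_1 = "78252:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:279:"


def decode(line):
    """Split one posted error line and unpack its 32-bit error code."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    pid, code, func, text, src, lineno, _extra = m.groups()
    value = int(code, 16)
    reason = value & 0xFFF
    alert = reason - ALERT_OFFSET if reason >= ALERT_OFFSET else None
    return {
        "pid": int(pid), "lib": value >> 24,
        "func_code": (value >> 12) & 0xFFF, "reason": reason,
        "func": func, "text": text, "where": f"{src}:{lineno}",
        "origin": "peer alert" if alert is not None else "local check",
        "alert": alert, "alert_name": ALERT_NAMES.get(alert),
    }


def rejecting_side(server_line, client_line):
    """Heuristic: the side whose error is a local check (while the other side
    only reports a received alert) is the one that aborted the handshake."""
    s, c = decode(server_line), decode(client_line)
    if s is None or c is None:
        return "unknown"
    if s["origin"] == "peer alert" and c["origin"] == "local check":
        return "client"
    if c["origin"] == "peer alert" and s["origin"] == "local check":
        return "server"
    return "unclear"


if __name__ == "__main__":
    for line in (SERVER_1, CLIENT_1):
        print(decode(line))
    print("aborted by:", rejecting_side(SERVER_1, CLIENT_1))
```
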
