I'm trying to write a server (using OpenSSL) that doesn't use
patented algorithms, which means I have to restrict my server to
TLSv1 or SSLv3 (right?), so I would like to use TLSv1 only, but
then a "default" client (SSL23_method) does not talk to my server.
Is there a description which versions of TLS and SSL should be able
to "talk" with each other? Here is my table of testing with openssl
s_server/s_client; please let me know whether this is expected
behaviour, and how I can solve my problem with "normal" clients.

         server: tls1  ssl3  ssl2  no_tls1  no_ssl3  no_ssl2  default
client
tls1             +     -1    -2    -1       +        +        +
ssl3             -3    +     -2    +        -4       +        +
ssl2             -5    -5    +     +        +        -4       +
no_tls1          -6    -7    +     +        +        +        +
no_ssl3          -6    -6    +     -8       +        +        +
no_ssl2          -9    -9    -8    +        +        +        +
default          -9    -9    +     +        +        +        +

Explanation: +: works, -: fails, the number refers to the list
below, where the first line is the error from the server, the second
from the client.
1)
78251:1409442E:SSL3_READ_BYTES:tlsv1 alert protocol version:s3_pkt.c:956:SSL alert number 70
78252:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:279:
2)
78253:1407D0AF:SSL2_READ:non sslv2 initial packet:s2_pkt.c:136:
78254:1409E0E5:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:490:
3)
78266:14094410:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:956:SSL alert number 40
78267:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:279:
4)
78277:140760FC:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_srvr.c:557:
78278:1409E0E5:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:490:
5)
78281:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:290:
78282:1407F0E5:SSL2_WRITE:ssl handshake failure:s2_pkt.c:367:
6)
78298:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:290:
78299:140790E5:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:
7)
78300:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:290:
78301:140790E5:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:
8)
server: doesn't show error... just ERROR
78587:14077102:SSL23_GET_SERVER_HELLO:unsupported protocol:s23_clnt.c:423:
9)
78592:1408F10B:SSL3_GET_RECORD:wrong version number:s3_pkt.c:290:
78593:140790E5:SSL23_WRITE:ssl handshake failure:s23_lib.c:216:
PS: I removed the string ":SSL routines:error" from all error lines.