Hi all, I need to build a scenario of detecting incorrect cypher suite of TLS connection.
The plan is to modify from a good TLS server, to encrypt data in a different cypher method from client request in handshake phase. However, as openssl encapsulated the implementation, I wonder if there's any API to achieve that? or I need to copy and modify codes from OpenSSL? I also have additional question about SSL error. I tried four cases: 1. There's no valid physical conection 2. Physical connection valid, but no TLS server running 3. TLS server is busy occupied by another connection 4. TLS server free, but responding incorrectly (as the scenario described in the beginning) Is there any way to differticate these cases, especially case 4? I made tests to case 1-3 and results are: 1. BIO_do_connect returns SSL_ERROR_SYSCALL, but error statck empty 2. BIO_do_connect returns SSL_ERROR_SYSCALL, and 2 error in error stack: 1. system library:connect:No route to host 2. system library:connect:No route to host 3. BIO_do_connect returns SSL_ERROR_ZERO_RETURN, and 1 error in error stack: 1. SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure Do I need to differentiate them according to the errors, or there's a better way? What error is expected for case 4? Actually what I really care about is to detect case 4, so that's why I want to build such malfunctioning server. Any help or opinion is appreciated. Thank you all. Peter