Hi Daniel, I have gone through tls.h header file and i can see this
/* ExtensionType values from RFC 3546 */ #define TLSEXT_TYPE_server_name 0 #define TLSEXT_TYPE_max_fragment_length 1 #define TLSEXT_TYPE_client_certificate_url 2 #define TLSEXT_TYPE_trusted_ca_keys 3 #define TLSEXT_TYPE_truncated_hmac 4 #define TLSEXT_TYPE_status_request 5 #define TLSEXT_TYPE_elliptic_curves 10 #define TLSEXT_TYPE_ec_point_formats 11 #define TLSEXT_TYPE_session_ticket 35 /* NameType value from RFC 3546 */ #define TLSEXT_NAMETYPE_host_name 0 /* status request value from RFC 3546 */ #define TLSEXT_STATUSTYPE_ocsp 1 but this all extensions are not supported in openssl 9.8k. I have another query . If my server is using older openssl version like 9.8d which does not support tls extension by default and my client is using openssl 9.8k which support tls extension., will in this scenario,whether the handshake between server and client fails? if server uses openssl 9.8k and client 9.8d, what will happen handshake in this case. Thanks In advance Rajan On Fri, Sep 18, 2009 at 10:58 AM, tensy joseph <rajanchit...@gmail.com>wrote: > Hi Daniel, > > I have gone through tls.h header file and i can see this > > /* ExtensionType values from RFC 3546 */ > > #define TLSEXT_TYPE_server_name 0 > > #define TLSEXT_TYPE_max_fragment_length 1 > > #define TLSEXT_TYPE_client_certificate_url 2 > > #define TLSEXT_TYPE_trusted_ca_keys 3 > > #define TLSEXT_TYPE_truncated_hmac 4 > > #define TLSEXT_TYPE_status_request 5 > > #define TLSEXT_TYPE_elliptic_curves 10 > > #define TLSEXT_TYPE_ec_point_formats 11 > > #define TLSEXT_TYPE_session_ticket 35 > > /* NameType value from RFC 3546 */ > > #define TLSEXT_NAMETYPE_host_name 0 > > /* status request value from RFC 3546 */ > > #define TLSEXT_STATUSTYPE_ocsp 1 > but this all extensions are not supported in openssl 9.8k. > I have another query . > > If my server is using older openssl version like 9.8d which does not > support tls extension by default and my client is using openssl 9.8k which > support tls extension., will in this scenario,whether the handshake between > server and client . > > if server uses openssl 9.8k and client 9.8d, what will happen handshake in > this case. > > Thanks In advance > > Rajan > On Fri, Sep 18, 2009 at 10:29 AM, Daniel Black < > daniel.s...@internode.on.net> wrote: > >> On Wednesday 05 August 2009 17:09:54 rajanchittil wrote: >> > Hi ALL, >> >> Hi rajanchittil >> >> > I was trying to figure out the TLS extension supported by openssl. I >> have >> > gone thorough RFC 3546 (http://www.faqs.org/rfcs/rfc3546.html) .It >> mentions >> > 6 TLS extension >> >> could look at the updated rfc4366 too >> >> > 1.Server Name Indication >> > 2.Maximum Fragment Length Negotiation >> > 3.Client Certificate URLs >> > 4.Trusted CA Indication >> > 5.Truncated HMAC >> > 6.Certificate Status Request >> > >> > But i was able to figure out only Server name and certificate status >> > request supported in Openssl. >> >> yes >> >> > Is other extension is supported too . >> >> there is some identification of these extensions only. >> >> >> However these are TLS extensions from other rfcs: >> RFC4492 >> >> TLSEXT_TYPE_ec_point_formats >> TLSEXT_TYPE_elliptic_curves >> TLSEXT_TYPE_session_ticket >> >> And from draft-rescorla-tls-opaque-prf-input-00.txt >> TLSEXT_TYPE_opaque_prf_input >> >> (See from the openssl source code ./include/openssl/tls1.h >> ) >> > >
