On Friday 18 September 2009 15:29:29 tensy joseph wrote: > but this all extensions are not supported in openssl 9.8k. > I have another query . > > If my server is using older openssl version like 9.8d which does not > support tls extension by default and my client is using openssl 9.8k which > support tls extension., will in this scenario,whether the handshake > between server and client fails?
the client will advertise in the TLS client hello message the extensions it supports and the server will responds whether if it knows about the extensions (which it doesn't). The whole RFC definitions of extensions promote interoperability. http://tools.ietf.org/html/rfc4366#section-2.3 "Note that for all extension types (including those defined in the future), the extension type MUST NOT appear in the extended server hello unless the same extension type appeared in the corresponding client hello. " > if server uses openssl 9.8k and client 9.8d, what will happen handshake in > this case. you could do some tests with openssl s_client and openssl s_server to see what happens in the handshake. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org