On 11/10/2013 19:57, nehakochar wrote:
Erwann ABALEA wrote
The server and client are both compliant.

With the first command, you tell the client to use TLS1.0 only. No more,
no less. The server is ok with it, and both negotiate TLS1.0.
With the second command, you tell the client to use TLS1.2 only, again
no more no less. The server receives a TLS1.2 negotiation, replies with
a TLS1.0 server hello message, and the client refuses it, cleanly
(because you told it to do so).

If you want to allow only TLS1.0, TLS1.1 and TLS1.2, use "-no_ssl2
-no_ssl3" options instead.
In my case, the SSL client is using OpenSSL 1.0.1e. I do not know which
version the server is using, but it must be an older version. When the client
is sending ClientHello with version 0x0303 (TLS1.2), the server does not
respond at all. In which versions of OpenSSL is the above server behavior expected?

I used the same "server" you're talking about earlier in the thread:
emea.webservices.travelport.com:443

And this server behaves as I wrote, correctly, sending a TLS1.0 ServerHello, refused by the client.

Are you talking about another one?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
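The version check discussed in this thread, as an added example that is not part of the original messages or of OpenSSL's code: it parses a ServerHello record and applies the client-side decision for a client pinned to one version versus a client that allows TLS1.0 through TLS1.2. The function names and the ServerHello bytes are constructed for illustration.

```python
import struct

# TLS protocol version codes as they appear on the wire.
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS1.0", 0x0302: "TLS1.1", 0x0303: "TLS1.2"}


def build_server_hello(version):
    """Constructed sample: a minimal ServerHello record with no extensions."""
    body = struct.pack("!H", version)   # server_version
    body += bytes(32)                   # random (zeroed for the sample)
    body += b"\x00"                     # session_id length 0
    body += struct.pack("!H", 0x002F)   # TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x00"                     # compression method: null
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


def parse_server_version(record):
    """Return server_version from a ServerHello record, validating the framing."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _record_version, length = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:                   # 0x15 would be an alert, for example
        raise ValueError("not a handshake record")
    frag = record[5:5 + length]
    if len(frag) != length or length < 6:
        raise ValueError("truncated handshake fragment")
    if frag[0] != 0x02:
        raise ValueError("not a ServerHello")
    # Skip msg_type (1 byte) and length (3 bytes); the next 2 bytes are the version.
    return struct.unpack("!H", frag[4:6])[0]


def client_decision(offered_max, allowed, record):
    """Model of the client check: accept only a version that was offered and is enabled."""
    chosen = parse_server_version(record)
    name = VERSIONS.get(chosen, hex(chosen))
    if chosen > offered_max:
        return "abort: server chose %s, above what was offered" % name
    if chosen not in allowed:
        return "abort: %s not enabled on client" % name
    return "negotiated " + name
```

A client told to use TLS1.2 only corresponds to `allowed={0x0303}`; the "-no_ssl2 -no_ssl3" case corresponds to `allowed={0x0301, 0x0302, 0x0303}` with `offered_max=0x0303`.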
