Hello,

Our organization just switched some of our environments to using openssl-1.0.1e, and since doing so connections from those machines to our Windows servers fail where they used to succeed. I've done some investigation into openssl and I have the problem narrowed to the list of cipher suites offered in the client hello when TLS 1.2 is switched on. Specifically, if I do 'openssl s_client -no_tls1_2 ...' on the latest openssl-1.0.1f it will succeed, and fail otherwise. From a debugger I can set client_version to 1.1 during the function ssl_cipher_list_to_bytes and reset it to 1.2 upon exit of that function, and the connection will again succeed.

Our Windows servers only go up to TLSv1, and the key indication of a failed connection is that openssl s_client will claim that 'Secure Renegotiation IS NOT supported'. However, if I use openssl-1.0.0k against the same server it will report that 'Secure Renegotiation IS supported'.

Does anyone have any idea what's going on? Can someone recommend some next steps I can try?

Thanks,

--
Jeff Franklin
Software Engineer, Identity and Access Management
UW Information Technology
University of Washington
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
