On Fri, Jun 07, 2002 at 05:18:06PM +0200, Bodo Moeller wrote:
> On Wed, Jun 05, 2002 at 07:27:15PM -0400, Shekhar Mahadevan wrote:

>> I'm trying to connect to https://secure01.principal.com/ using OpenSSL.
>> Three other SSL toolkits (including JSSE) work OK, but OpenSSL results in
>> the server side socket closing with a premature EOF.
[...]
> This is a bug in the server, which apparently cannot handle
> length-zero SSL 3.0 fragments. These are used in OpenSSL 0.9.6d as a
> workaround for a security problem in the SSL 3.0/TLS 1.0 protocol. As
> a workaround, you can use RC4-based ciphers ('-cipher RC4' when using
> s_client).

Starting with the next snapshots, the '-bugs' option to s_client
should restore the previous behaviour (i.e. not prevent the security
problems found in the protocol) and thus ensure interoperability with
such broken servers.

--
Bodo Möller <[EMAIL PROTECTED]>
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                       [EMAIL PROTECTED]
Automated List Manager                          [EMAIL PROTECTED]
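
The following is an added example, not part of the original message and not OpenSSL code: a diagnostic sketch that walks the 5-byte record headers of a captured SSL 3.0/TLS 1.0 stream and flags application-data records whose size matches the length-zero fragments described above. It assumes a CBC suite with a 20-byte MAC and 8-byte blocks (SHA-1 with 3DES) and minimal padding; the function names and the sample stream are constructed for illustration.

```python
import struct

APPLICATION_DATA = 23  # record-layer content type for application data

def empty_fragment_len(mac_len, block_len):
    """Ciphertext size of a CBC record with empty plaintext: the MAC plus
    the padding-length byte, rounded up to whole blocks (minimal padding)."""
    return -(-(mac_len + 1) // block_len) * block_len

def parse_records(stream):
    """Return [(content_type, (major, minor), length), ...] for each record."""
    records, off = [], 0
    while off < len(stream):
        if off + 5 > len(stream):
            raise ValueError("truncated record header at offset %d" % off)
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, off)
        if off + 5 + length > len(stream):
            raise ValueError("truncated record body at offset %d" % off)
        records.append((ctype, (major, minor), length))
        off += 5 + length
    return records

def find_empty_fragments(stream, mac_len=20, block_len=8):
    """Indexes of application-data records whose size matches an empty
    fragment and that are directly followed by another data record.
    Heuristic: a record carrying only a few plaintext bytes has the same size."""
    recs = parse_records(stream)
    marker = empty_fragment_len(mac_len, block_len)
    return [i for i in range(len(recs) - 1)
            if recs[i][0] == APPLICATION_DATA and recs[i][2] == marker
            and recs[i + 1][0] == APPLICATION_DATA]

def make_record(ctype, length):
    # Constructed SSL 3.0 record: real header, zero bytes standing in for ciphertext.
    return struct.pack("!BBBH", ctype, 3, 0, length) + b"\x00" * length

# Constructed client-to-server stream: one handshake record, then two writes,
# each sent as an empty fragment (24 bytes) followed by the data record.
SAMPLE = (make_record(22, 16) + make_record(23, 24) + make_record(23, 48)
          + make_record(23, 24) + make_record(23, 40))

if __name__ == "__main__":
    for i in find_empty_fragments(SAMPLE):
        print("record %d looks like an empty fragment" % i)
```

With an RC4 suite there is no block padding and no such marker record appears, which is consistent with the '-cipher RC4' workaround given in the message.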