[openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

On Sun May 01 07:32:17 2016, hen...@newdawn.dk wrote: > Thank you all for the assistance - trying to convince Qt/C++ SSL > sockets to do as you've described by cutting down on ciphers. I did > check std Google Chrome ClientHello which does only contain about 10 > cipher suites - where Qt seems to i

Re: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

Thank you all for the assistance - trying to convince Qt/C++ SSL sockets to do as you've described by cutting down on ciphers. I did check std Google Chrome ClientHello which does only contain about 10 cipher suites - where Qt seems to include a lot more (all supported) - so what i'm trying to d

[openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

On Sat Apr 30 21:23:30 2016, hen...@newdawn.dk wrote: > Since this is a MS IIS 7.0 server I would argue that it'd be in the > interest of openssl to handle the situation rather than accept this > scenario - since IIS is likely powering more than a few hosts? It is > possible to have the host correc

Re: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

> On Apr 30, 2016, at 5:26 PM, Salz, Rich wrote: > >> Since this is a MS IIS 7.0 server I would argue that it'd be in the interest >> of >> openssl to handle the situation rather than accept this scenario - since IIS >> is >> likely powering more than a few hosts? > > It's a known bug, and op

Re: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

> Since this is a MS IIS 7.0 server I would argue that it'd be in the interest > of > openssl to handle the situation rather than accept this scenario - since IIS > is > likely powering more than a few hosts? It's a known bug, and openssl can work-around the bug by configuring as described.

Re: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

> Since this is a MS IIS 7.0 server I would argue that it'd be in the interest > of > openssl to handle the situation rather than accept this scenario - since IIS > is > likely powering more than a few hosts? It's a known bug, and openssl can work-around the bug by configuring as described.

Re: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

Since this is a MS IIS 7.0 server I would argue that it'd be in the interest of openssl to handle the situation rather than accept this scenario - since IIS is likely powering more than a few hosts? It is possible to have the host correctly list its supported protocols using nmap - i'd assume th

Re: [openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

On Sat, Apr 30, 2016 at 08:59:46PM +, Matt Caswell via RT wrote: > > This is not a bug in OpenSSL. The problem here is that the server is behaving > incorrectly when receiving large ClientHello messages. The ClientHello is the > first message that is sent from the client to the server. If a la

[openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

On Sat Apr 30 19:51:51 2016, hen...@newdawn.dk wrote: > Hi there > > I've recently come across what looks to be an internal bug in openssl: > > Original symptoms was that neither "curl" or "wget" could access the > following site: > > https://coverage.tre.se - this site is using TLS 1.0 (only) and

[openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

Hi there I've recently come across what looks to be an internal bug in openssl: Original symptoms was that neither "curl" or "wget" could access the following site: https://coverage.tre.se - this site is using TLS 1.0 (only) and does have some pretty crazy certificate issues - but does show u