[stkap...@cisco.com - Fri Feb 10 16:40:08 2012]:
I have verified with a new build that I was able to connect WITHOUT
forcing the TLS version. So the changes worked in my tests.
OK, thanks for the update, ticket resolved.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
10:47 AM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap...@cisco.com - Wed Feb 08 00:12:25 2012]:
Results using prexit are attached.
Openssl v1.0.1 beta 2 compiled on
powerppc/linux
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap...@cisco.com - Wed Feb 08 00:12:25 2012]:
Results using prexit are attached.
Openssl v1.0.1 beta 2 compiled on
powerppc/linux
Vs
Win2008 R2
[stkap...@cisco.com - Wed Feb 08 00:12:25 2012]:
Results using prexit are attached.
Openssl v1.0.1 beta 2 compiled on
powerppc/linux
Vs
Win2008 R2 64bit IIS7 set to require client auth
Command issued:
openssl s_client -connect stk-tms.a51.lab:443 -cert
/config/lighttpd/ssl.pem -CAfile
Results using prexit are attached.
Openssl v1.0.1 beta 2 compiled on
powerppc/linux
Vs
Win2008 R2 64bit IIS7 set to require client auth
Command issued:
openssl s_client -connect stk-tms.a51.lab:443 -cert
/config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -prexit -state
Output attached
-Steve
-Original Message-
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Tuesday, February 07, 2012 5:59 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap...@cisco.com - Tue
[stkap...@cisco.com - Mon Feb 06 23:58:36 2012]:
Hrm.. zip checks out in the sent mail. Opens with 7zip ok. Here is
an alt download location -
http://dl.dropbox.com/u/43502643/ssldebug.zip
Thanks, that seems OK.
I would like to
test with the newer versions, but that is
to discuss.
Thx
-Steve
-Original Message-
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Tuesday, February 07, 2012 2:44 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap
[stkap...@cisco.com - Tue Feb 07 21:13:11 2012]:
FYI - I have now tested with 1.0.1 beta 2 of openssl (again complied
on powerppc/linux) as well and found the same behavior. I also
tested against IIS on Windows 7 64bit as the server with the same
behavior. Maybe that will help
attached
-Steve
-Original Message-
From: Stephen Henson via RT [mailto:r...@openssl.org]
Sent: Tuesday, February 07, 2012 5:59 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap
...@openssl.org]
Sent: Sunday, February 05, 2012 3:52 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap...@cisco.com - Sun Feb 05 17:33:28 2012]:
Hi Stephen I will try to test
]
Sent: Sunday, February 05, 2012 3:52 PM
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap...@cisco.com - Sun Feb 05 17:33:28 2012]:
Hi Stephen I will try to test with the client and get back
[stkap...@cisco.com - Mon Feb 06 18:27:26 2012]:
Files attached..
The .zip file seems corrupted.
Also please try a more recent version of OpenSSL. Quite a bit has
changed since November.
Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available
To: Steve Kapinos (stkapino)
Cc: openssl-dev@openssl.org
Subject: [openssl.org #2702] TLS bad_mac_record with IIS 7 and client
authentication
[stkap...@cisco.com - Mon Feb 06 18:27:26 2012]:
Files attached..
The .zip file seems corrupted.
Also please try a more recent version
[stkap...@cisco.com - Sat Feb 04 21:00:23 2012]:
Setup:
Client: Curl/libcurl 7.21.7 OpenSSL 1.0.1 on powerpc linux
Server: Win2008 R2 IIS 7. Virtual directory with Client Authentication
set to Accept or Require
Local network, IPV4 addressing
I do not have the specific build of openssl
Hi Stephen I will try to test with the client and get back to you. This is in
an internal lab so it is not reachable. I can provide packet sniff along with
the certs /keys if that would be useful?
Sent from my mobile
On Feb 5, 2012, at 8:21 AM, Stephen Henson via RT r...@openssl.org wrote:
Hi Stephen I will try to test with the client and get back to you. This is in
an internal lab so it is not reachable. I can provide packet sniff along with
the certs /keys if that would be useful?
Sent from my mobile
On Feb 5, 2012, at 8:21 AM, Stephen Henson via RT r...@openssl.org wrote:
[stkap...@cisco.com - Sun Feb 05 17:33:28 2012]:
Hi Stephen I will try to test with the client and get back to you.
This is in an internal lab so it is not reachable. I can provide
packet sniff along with the certs /keys if that would be useful?
Yes. Also please try it with the -no_tls1_2
Setup:
Client: Curl/libcurl 7.21.7 OpenSSL 1.0.1 on powerpc linux
Server: Win2008 R2 IIS 7. Virtual directory with Client Authentication
set to Accept or Require
Local network, IPV4 addressing
I do not have the specific build of openssl 1.0.1 yet, will get that
from the other dev.
Symptom:
19 matches
Mail list logo