Re: [users@httpd] TLS 1.2 handshake problem?

2012-06-13 Thread aparna Puram
[mailto:cove...@gmail.com]
Sent: Tuesday, June 12, 2012 12:53 PM
To: users@httpd.apache.org
Subject: Re: [users@httpd] TLS 1.2 handshake problem?
Extension: SessionTicket TLS
Type: SessionTicket TLS (0x0023)
Length: 0
Data (0 bytes)
I've

[users@httpd] TLS 1.2 handshake problem?

2012-06-12 Thread Garrison, Jim (ETW)
I am trying unsuccessfully to get Subversion to connect over HTTPS to an Apache server that is configured with
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
The behavior I'm seeing is that the client sends the initial CLIENT HELLO, and

Re: [users@httpd] TLS 1.2 handshake problem?

2012-06-12 Thread aparna Puram
Hi, Sometimes from the huge list of supported cipher suites, it will be hard for us to select the exact cipher. If you are working on Solaris, you can use the following command to check the exact cipher and protocol being used by the client. /opt/csw/bin/openssl s_client -connect

RE: [users@httpd] TLS 1.2 handshake problem?

2012-06-12 Thread Garrison, Jim (ETW)
The problem appears to be the TLSv1.2 handshake. Here are the cases:
* openssl s_client -connect gbit:443 This sends a TLSv1.2 handshake inside a TLSv1.0 CLIENT HELLO, and Apache fails to respond.
* openssl s_client -connect gbit:443 -tls1 This sends a TLSv1.0 handshake inside a TLSv1.0

Re: [users@httpd] TLS 1.2 handshake problem?

2012-06-12 Thread aparna Puram
What is the version of openssl being used? On Wed, Jun 13, 2012 at 12:29 AM, Garrison, Jim (ETW) jim.garri...@nike.com wrote: The problem appears to be the TLSv1.2 handshake. Here are the cases: * openssl s_client -connect gbit:443 This sends a TLSv1.2 handshake inside a TLSv1.0 CLIENT

Re: [users@httpd] TLS 1.2 handshake problem?

2012-06-12 Thread Eric Covener
Extension: SessionTicket TLS
Type: SessionTicket TLS (0x0023)
Length: 0
Data (0 bytes)
I've seen this cause trouble on Java-based servers, since it is the first extension that's 0 byte and servers can over-read and block. In openssl s_client, you can