Hi there,

On October 7, 2003 10:28 pm, Richard Levitte - VMS Whacker wrote:
> I think that part is already answered by the following, taken from
> appendix E in RFC 2246:
>
>    TLS version 1.0 and SSL 3.0 are very similar; thus, supporting both
>    is easy. TLS clients who wish to negotiate with SSL 3.0 servers
>    should send client hello messages using the SSL 3.0 record format
>    and client hello structure, sending {3, 1} for the version field to
>    note that they support TLS 1.0. If the server supports only SSL 3.0, it
>    will respond with an SSL 3.0 server hello; if it supports TLS, with a
>    TLS server hello. The negotiation then proceeds as appropriate for the
>    negotiated protocol.

Which reminds me, I'm not sure yet about my last post's comments on this 
"sslv3/tlsv1 methods can't internegotiate" stuff - I'm less sure now of 
what I was seeing than I was when I was seeing it. However I still leave 
my other comments from that post up as open questions; in particular, I'm 
still wondering how an attacker could be prevented from rewriting 
SSLv2-compatible ClientHellos as v2-only and getting away with it.

> So my question is rather what kind of stuff might I run in to in the
> OpenSSL code?  One thing I've figured out is that it's not as easy as
> simply calling the SSLv3 send client hello routine from the SSLv23
> one...

I need to look closer at this too but I have a suspicion that the
vtable-gymnastics in the v23 wrapper might need to be replicated for v31.
I.e., perhaps we'll need a new negotiator-method just for versions with
major number 0x03? Then again, perhaps this is already "there" but I just
don't see it yet ... :-)

Cheers,
Geoff

-- 
Geoff Thorpe
[EMAIL PROTECTED]
http://www.geoffthorpe.net/

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
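
The negotiation step the quoted appendix describes, as an added example (not OpenSSL's code): a constructed SSL 3.0-format ClientHello carrying client_version {3,1}, a parser that checks the record and handshake framing, and the server-side version choice. The sample bytes, the illustrative cipher suite value 0x000a and the function names are assumptions made here.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#define SSL3_VERSION 0x0300   /* {3,0} */
#define TLS1_VERSION 0x0301   /* {3,1} */

/* Constructed sample (not captured traffic): an SSL 3.0-format record carrying
 * a client_hello whose client_version field is {3,1}, as appendix E prescribes. */
const uint8_t sample_hello[] = {
    0x16, 0x03, 0x00, 0x00, 0x2d,   /* record: handshake, record version {3,0}, 45 bytes */
    0x01, 0x00, 0x00, 0x29,         /* handshake: client_hello, 41-byte body */
    0x03, 0x01,                     /* client_version {3,1}: "I support TLS 1.0" */
    0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,   /* 32-byte random (fake) */
    16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31,
    0x00,                           /* session_id length 0 */
    0x00, 0x02, 0x00, 0x0a,         /* one cipher suite (value illustrative) */
    0x01, 0x00                      /* compression_methods: null only */
};

/* Reads record-layer version and client_version; 0 on success, -1 if framing is inconsistent. */
int parse_client_hello(const uint8_t *buf, size_t len,
                       uint16_t *record_version, uint16_t *client_version)
{
    if (len < 11 || buf[0] != 0x16 || buf[5] != 0x01) return -1;
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    size_t hs_len = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    if (rec_len + 5 != len || hs_len + 4 != rec_len) return -1;
    *record_version = (uint16_t)((buf[1] << 8) | buf[2]);
    *client_version = (uint16_t)((buf[9] << 8) | buf[10]);
    return 0;
}

/* Server's choice per appendix E: the highest version both sides support, so an
 * SSL 3.0-only server answers {3,0} and a TLS-capable server answers {3,1}. */
uint16_t negotiate_version(uint16_t client_version, uint16_t server_max)
{
    return client_version < server_max ? client_version : server_max;
}

int main(void)
{
    uint16_t rv, cv;
    if (parse_client_hello(sample_hello, sizeof sample_hello, &rv, &cv) != 0) return 1;
    printf("record %04x, client_version %04x -> SSL3-only server: %04x, TLS server: %04x\n",
           rv, cv, negotiate_version(cv, SSL3_VERSION), negotiate_version(cv, TLS1_VERSION));
    return 0;
}
```

Note that the record-layer version ({3,0}) and the client_version inside the hello ({3,1}) are distinct fields; the server decides on the latter.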