On 06.11.2014 10:02, Rajeswari K wrote:
Hello Openssl users,
I have a basic query that
Lets say my SSL client is capable of versions SSL3.0 and SSL3.1.
And my SSL server is capable of versions TLS1.0, TLS1.1 and TLS1.2
Now SSL client has sent a client hello with version SSL3.0. Since, SSL
server doesn't have this version present, it returns "version mismatch"
error.
In this case, what should be the ideal scenario? Does SSL Client need to
resend client hello with TLS1.0?
Like on Server, does SSL client also will have fall back/up mechanisms
in order to avoid version mismatch errors?
Please clarify?
SSL3.1 is the political incorrect name for TLS1.0 ;-), with this your
example contains a client capable of versions SSLv3 and TLSv1 which
should advertise TLSv1 right from the beginning which leads then to the
server selecting TLSv1 as the highest/only common protocol version and
no problem occurs.
Best regards,
Richard
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org