For clarity, which version of WinCE, and which CPU (Arm,
MIPS, PPC, x86, SH3, SH4, ...)?
Which Microsoft Compiler version (EVC3, EVC4, one of the
Visual Studio projects, 3rd party compiler) and which
exact compiler version (reported by running the compiler
executable (named according to CPU) with no arguments)?
I ask because your proposed fix may be affected by compiler and/or CPU
quirks.
On 04/12/2015 12:31, Jayalakshmi bhat wrote:
Hi Matt,
Thanks a lot for the response.
Is your application a client or a server? Are both ends using OpenSSL
1.0.2d? If not, what is the other end using?
>> Our device has both TLS client, server apps. As client, device communicates with RADIUS
server, LDAP server etc. As server, device is accessed using various
web browsers.
Hence both the ends will not be OpenSSL 1.0.2d.
How exactly are you doing that? Which specific cipher are you seeing fail?
>> We have provided user option to select TLS protocol versions similar to the browsers.
Depending upon the user configurations we set the protocol flags
(SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL
context using SSL_CTX_clear_options/SSL_CTX_set_options.
>> We have provided user option to choose ciphers as well.
All these are in the application space, no changes have been done and
they have been working good with OpenSSL 1.0.1c. Only the library is
upgraded to OpenSSL 1.0.2d. I have used AES256-CBC and AES128 CBC
ciphers and with both the ciphers issue is seen.
Are you able to provide a packet capture?
>> Please find the attached traces for server mode.
What O/S is this on?
>> This is built for WinCE and VxWorks
Regards
Jaya
On Fri, Dec 4, 2015 at 3:02 PM, Matt Caswell <m...@openssl.org> wrote:
Hello Jaya
We're going to need some more information. There isn't a generic problem
with CBC ciphers and TLS1.0 in 1.0.2d (it's working fine for me) - so
there is something specific about your environment that is causing the
issue. Comments inserted below.
On 04/12/15 06:53, Jayalakshmi bhat wrote:
> Hi All,
>
> Recently we have ported OpenSSL 1.0.2d. Everything works perfect except
> the below explained issue.
Is your application a client or a server? Are both ends using OpenSSL
1.0.2d? If not, what is the other end using?
> When we enable only TLS 1.0 protocol and select CBC ciphers,
How exactly are you doing that? Which specific cipher are you
seeing fail?
> Now my question is whatever I did is it correct?
That would not be a recommended solution.
> Or Do need to replace
> complete s3_cbc.c with OpenSSL 1.0.1e?
No. You cannot just copy and paste stuff from 1.0.1 to 1.0.2.
Some other questions:
Are you able to provide a packet capture?
How did you build OpenSSL...i.e. what "Configure" options did you use?
What O/S is this on?
Matt
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded