I'll look at it and hopefully understand something. but tomorrow. On Thu, Jul 16, 2015 at 7:56 PM, William A Rowe Jr <[email protected]> wrote:
> On Thu, Jul 16, 2015 at 12:02 PM, Michael Felt <[email protected]> wrote: > >> Here I have the output of just one test t/ssl/pr12355.t - and note the >> differences in the ssl_access_log - not just the error messages (I have >> removed all "debug" messages from the logs as they were "in the way". >> >> LibreSSL is version 2.2.0, OpenSSL is version 0.9.8m (yes I know very old, >> will test with latest patches later - I hope not relevant to here). >> >> So, please note: LibreSSL says access is: >> t/logs/ssl_request_log:[16/Jul/2015:11:47:12 +0000] 127.0.0.1 - - "POST >> /require-sha-cgi/perl_echo.pl HTTP/1.1" 403 237 >> while OpenSSL says >> t/logs/ssl_request_log:[16/Jul/2015:11:32:35 +0000] 127.0.0.1 TLSv1 RC4-SHA >> "POST /require-sha-cgi/perl_echo.pl HTTP/1.1" 200 11 >> >> My question: what can I do to understand why OpenSSL is adding TLSv1 >> RC4-SHA while LibreSSL is "- -" >> >> > I'll take this one item. Take a look into our implementation of > ssl_var_lookup_ssl > and particularly ssl_var_lookup_ssl_cipher. I would expect LibreSSL isn't > providing > any meaningful data to represent. > > >
