I've tried with OpenSSL 0.9.8k and OpenSSL 1.0.1 which both work ok with no special options. The Cisco CSS is quite an old load balancer and doesn't support TLS 1.1 let alone TLS 1.2 so I'm not sure why openssl 1.0.1c would fail until you specifically told it to ignore TLS 1.2. I thought as part of the negotiation, openssl would have detected that TLS 1.0 was only supported.
I had a quick look through the openssl changelog ( http://www.openssl.org/news/changelog.html) to see if there was any obvious changes between 1.0.1 and 1.0.1c that might cause the problem but nothing jumped out to me. I don't know if the problem see in openssl 1.0.1c might be related to the problem I'm seeing in gnutls 3.0.20? I couldn't see a similar option for gnutls-cli to force TLS 1.0 or ignore TLS 1.2 for me to test. Thanks for the help.
_______________________________________________ Help-gnutls mailing list [email protected] https://lists.gnu.org/mailman/listinfo/help-gnutls
