On Fri, Sep 24, 1999 at 10:05:28AM -0400, Jim Miller wrote:
> Anyone had any problems with a browser trying to connect to an OpenSSL
> server? I seem to be getting upset down in the code because of a
> version conflict.
>
> Call trace:
> ------------
> mycode()
> SSL_accept()
> ssl3_accept()
> ssl3_get_message()
> ssl3_read_bytes()
> ssl3_get_record()
> {
> <snip>
> p = s->packet; // my packet looks like this at the beginning 80 40 01
> 03 00
You're using one of these:
SSL_METHOD *SSLv3_method(void); /* SSLv3 */
SSL_METHOD *SSLv3_server_method(void); /* SSLv3 */
but should be using one of these:
SSL_METHOD *SSLv23_method(void); /* SSLv3 but can rollback to v2 */
SSL_METHOD *SSLv23_server_method(void); /* SSLv3 but can rollback to v2 */
SSLv23_[server_]method supports the backwards compatible client hello
format that most clients use by default. SSLv3_[server_]method
supports *only* native SSL 3.0 -- no TLS 1.0 (which already exists in
many browsers), no backward compatible client hellos.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]