What I've narrowed it down to is this ...
Command run:
./openssl s_client -no_ssl2 -connect igusprodb.globalpay.com:443
Tested versions:
OpenSSL 0.9.8h - good
OpenSSL 0.9.8i - good
OpenSSL 0.9.8j-stable-SNAP-20081123 - good
OpenSSL 0.9.8j release - bad
Without the -no_ssl2, the release 0.9.8j is fine. Also, if I
pass -no_ticket _with_ -no_ssl2, it works ...
So I'm wondering what's happened since November that would cause
this to fail... The 20081123 snapshot is the only one I have, I'll have
to do pulls directly from CVS to try to narrow the timeframe down
further, but maybe someone else knows already what the issue is...

In 0.9.8j TLS extensions are enabled by default. If you use an SSLv2
compatible client hello then extensions are not sent.
Some older implementations (including ancient versions of OpenSSL) don't handle
this situation properly. I suspect you've come across one of those.

I have no control over the server, only the client, so I'll need to
manually disable ticket support then in my application, not a big deal,
just need to recompile and package ...
BTW, I didn't see in the changelog the fact that TLS extensions were
enabled by default between 0.9.8i and j...
Thanks
-Brad
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
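
Added example (not part of the original thread, and not OpenSSL code): a small parser that tells an SSLv2-compatible client hello from a TLS-format one and lists the extension types the latter carries, which is the difference the reply above describes. The byte strings are constructed samples, and the function and variable names are hypothetical.

```python
import struct

SESSION_TICKET = 35  # session ticket extension type (RFC 5077)

def describe_client_hello(data: bytes) -> dict:
    """Classify a client's first flight and list any TLS extension types."""
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2 record header (high bit set) carrying CLIENT-HELLO:
        # this format has no field in which extensions could be carried.
        return {"format": "sslv2-compatible", "extensions": []}
    if len(data) < 6 or data[0] != 0x16 or data[5] != 0x01:
        raise ValueError("not a ClientHello")
    body = data[9:]  # skip 5-byte record header and 4-byte handshake header
    extensions = []
    try:
        pos = 2 + 32                       # client_version + random
        pos += 1 + body[pos]               # session_id
        (suites_len,) = struct.unpack_from(">H", body, pos)
        pos += 2 + suites_len              # cipher_suites
        pos += 1 + body[pos]               # compression_methods
        if pos < len(body):                # the extensions block is optional
            (total,) = struct.unpack_from(">H", body, pos)
            pos, end = pos + 2, pos + 2 + total
            while pos + 4 <= end:
                ext_type, ext_len = struct.unpack_from(">HH", body, pos)
                extensions.append(ext_type)
                pos += 4 + ext_len
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return {"format": "tls", "extensions": extensions}

def build_tls_hello(extensions: bytes = b"") -> bytes:
    """Constructed sample: minimal TLS 1.0 ClientHello, one cipher suite."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    if extensions:
        body += struct.pack(">H", len(extensions)) + extensions
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

# Constructed sample: SSLv2-compatible hello offering TLS 1.0 (version 3.1).
SSLV2_HELLO = b"\x80\x1c\x01\x03\x01\x00\x03\x00\x00\x00\x10\x00\x00\x2f" + bytes(16)
TLS_PLAIN = build_tls_hello()
TLS_WITH_TICKET = build_tls_hello(b"\x00\x23\x00\x00")  # empty ticket extension

if __name__ == "__main__":
    for name in ("SSLV2_HELLO", "TLS_PLAIN", "TLS_WITH_TICKET"):
        print(name, describe_client_hello(globals()[name]))
```

Run against the first bytes of a captured connection, this shows whether a given client build and option set puts a session ticket extension on the wire before the server ever answers.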