> I have been using libjingle (http://code.google.com/p/libjingle/) with
> openssl on linux. I recently upgraded my openssl from 0.9.8g to 0.9.8j,
> and suddenly my TLS negotiation stopped working. I reverted back to
> 0.9.8g, and it started working again.
>
> Is there a particular change that might be causing this?
>
> I see a Client Hello A packet, then a read error, and then there are no
> further reads on the 0.9.8j, whereas with the 0.9.8g there are further
> reads, and the TLS handshake completes.
>
> To verify, you can download the code from
> http://code.google.com/p/libjingle/, and then configure/make it. After
> make, you can go to libjingle-0.4.0/talk/examples/pcp, and run ./pcp.
> There you can put in your googletalk username/password to login. With
> 0.9.8g it will login, but with 0.9.8j it will just hang at logging in
> (in the tls handshake). Any help is appreciated.
I've run into this same issue before in my own products. It is due to a
bug on the server side. Most likely the server is running an older
version of OpenSSL that is not able to handle TLS extensions in the
protocol stream. One such extension, TLS Tickets, is enabled by default
in later versions of 0.9.8. To correct this issue you need to disable
ticket support on the client side at runtime. You can use something like
this to do that:

    #ifndef OPENSSL_NO_TLSEXT
    /* Do not offer TLS session tickets from this context */
    SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
    #endif

-Brad
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
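To confirm that the workaround took effect, a captured ClientHello can be checked for the SessionTicket extension (type 35, RFC 5077). The parser below is an added example, not code from the original thread or from OpenSSL; the function names and the two sample messages are constructed for illustration, and the input is assumed to start at the handshake header (type byte 0x01), not at the TLS record header.

```c
#include <stdint.h>
#include <stdio.h>

#define EXT_SESSION_TICKET 35   /* SessionTicket extension type (RFC 5077) */
/* Constructed sample ClientHello handshake messages (not captured traffic). */
static const uint8_t HELLO_PLAIN[] = {       /* 41-byte body, no extensions block */
    0x01, 0x00, 0x00, 0x29, 0x03, 0x01, [38] = 0x00, /* TLS 1.0, zero random, empty session_id */
    0x00, 0x02, 0x00, 0x2f, 0x01, 0x00 };    /* one cipher suite, null compression */
static const uint8_t HELLO_TICKET[] = {      /* 47-byte body, one extension */
    0x01, 0x00, 0x00, 0x2f, 0x03, 0x01, [38] = 0x00,
    0x00, 0x02, 0x00, 0x2f, 0x01, 0x00,
    0x00, 0x04, 0x00, 0x23, 0x00, 0x00 };    /* extensions block: empty SessionTicket */

/* Read a w-byte big-endian length at *p; fail if the field overruns the message. */
static int get_len(const uint8_t *m, size_t len, size_t *p, int w, size_t *n)
{
    if (len - *p < (size_t)w) return -1;
    for (*n = 0; w > 0; w--) *n = (*n << 8) | m[(*p)++];
    return *n > len - *p ? -1 : 0;
}

/* 1 = ClientHello carries extension `want`, 0 = it does not, -1 = malformed. */
int client_hello_has_ext(const uint8_t *m, size_t len, unsigned want)
{
    size_t p = 1, n, type;
    if (len < 4 || m[0] != 0x01 || get_len(m, len, &p, 3, &n)) return -1;
    len = p + n;                                 /* ignore bytes after this message */
    if (n < 34) return -1;
    p += 34;                                     /* client_version + random */
    if (get_len(m, len, &p, 1, &n)) return -1;  p += n;   /* session_id */
    if (get_len(m, len, &p, 2, &n)) return -1;  p += n;   /* cipher_suites */
    if (get_len(m, len, &p, 1, &n)) return -1;  p += n;   /* compression_methods */
    if (p == len) return 0;                      /* no extensions block at all */
    if (get_len(m, len, &p, 2, &n) || n != len - p) return -1;
    for (; len - p >= 4; p += n) {               /* each entry: type, length, data */
        type = ((size_t)m[p] << 8) | m[p + 1];
        p += 2;
        if (get_len(m, len, &p, 2, &n)) return -1;
        if (type == want) return 1;
    }
    return p == len ? 0 : -1;
}

int main(void)
{
    printf("plain:  %d\n", client_hello_has_ext(HELLO_PLAIN, sizeof HELLO_PLAIN, EXT_SESSION_TICKET));
    printf("ticket: %d\n", client_hello_has_ext(HELLO_TICKET, sizeof HELLO_TICKET, EXT_SESSION_TICKET));
    return 0;
}
```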
