On Thu, Oct 01, 2009, joshi chandran wrote:

> Hi Stephen,
>
> I have another query ...
>
> If I have a client application which is using an openssl 9.8k and
> tries to connect to a server which has an older openssl 9.8d which does not
> have support for the TLS extension, will the handshake fail in this case?
>
> I have gone through many documents and based on that, openssl has
> some API through which only the client application can send the TLS
> extension during the handshake, and if the client is not using this API
> to set the TLS extension, then I hope all the handshakes will be
> successful regardless of whether client and server have different openssl
> versions. Please correct me if I am wrong.
>
In OpenSSL 0.9.8j and later extension support is included by default. There is
one extension which is sent automatically: the session ticket extension. If
you disable this with the appropriate flag then extensions will not be used.

Extensions should be tolerated by any TLS or SSLv3 server because provision of
additional data in the client hello is part of the specification. However some
buggy servers will choke on TLS extensions. That includes earlier versions of
OpenSSL unfortunately but this was fixed in 0.9.7c on 30 Sep 2003. Other
versions of OpenSSL should be OK.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
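The point in the reply above, that extensions are additional data after the compression methods in the client hello, shown as an added example that is not part of the original message and is not OpenSSL code. The function names and the sample hello bytes are constructed for illustration, and the `tolerate_extensions=False` path is an assumed model of a server that rejects the extra data, not a reconstruction of any specific bug.

```python
import struct

SESSION_TICKET = 35  # SessionTicket extension type (RFC 5077)

def build_client_hello(extensions):
    """Constructed ClientHello body; extensions is a list of (type, data)."""
    body = b"\x03\x01" + bytes(32)              # client_version, random (zeros)
    body += b"\x00"                             # empty session_id
    body += struct.pack("!H", 2) + b"\x00\x2f"  # one cipher suite
    body += b"\x01\x00"                         # null compression only
    if extensions:                              # block is omitted entirely if empty
        ext = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext)) + ext
    return body

def parse_client_hello(body, tolerate_extensions=True):
    """Return the extension types in order; raise ValueError on bad input."""
    try:
        pos = 2 + 32                            # skip version and random
        pos += 1 + body[pos]                    # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
        pos += 1 + body[pos]                    # compression_methods
        if pos > len(body):
            raise ValueError("truncated ClientHello")
        if pos == len(body):
            return []                           # hello without any extensions
        if not tolerate_extensions:             # assumed model of an intolerant server
            raise ValueError("unexpected data after compression_methods")
        total = struct.unpack_from("!H", body, pos)[0]
        pos += 2
        if pos + total != len(body):
            raise ValueError("extensions length mismatch")
        found = []
        while pos < len(body):
            etype, elen = struct.unpack_from("!HH", body, pos)
            pos += 4 + elen
            if pos > len(body):
                raise ValueError("extension overruns message")
            found.append(etype)
        return found
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None

if __name__ == "__main__":
    plain = build_client_hello([])
    ticket = build_client_hello([(SESSION_TICKET, b"")])
    print(parse_client_hello(plain, tolerate_extensions=False))
    print(parse_client_hello(ticket))
```

A hello built without the session ticket extension carries no extension block at all, so both parser modes accept it; the hello with the ticket extension is accepted only by the tolerant mode.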
