> In OpenSSL 0.9.8j and later extension support is included by default. There is > one extension which is sent automatically: the session ticket extension. If > you disable this with the appropriate flag then extensions will not be used. >
Disabling is to be done at client application ? If this session ticket extension is send by client and server does not handle this extension, will the handshake fails? Thanks in advance On Thu, Oct 1, 2009 at 5:09 PM, Dr. Stephen Henson <[email protected]> wrote: > On Thu, Oct 01, 2009, joshi chandran wrote: > >> Hi Stephen, >> >> I have another query ... >> >> If i have an client application which is using a openssl 9.8k and >> tries to connect to server which has older openssl 9.8d which do not >> have support for tls extension. will the handshake fails in this case? >> >> I have gone through many documents and based on that , openssl has >> some API through which only the client application can send the tls >> extension during the handshake and if the client is not using this API >> to set the tls extension , then i hope all the handshake will be >> sucessful regardless if client and server have different openssl >> version . Please correct if i am wrong >> > > In OpenSSL 0.9.8j and later extension support is included by default. There is > one extension which is sent automatically: the session ticket extension. If > you disable this with the appropriate flag then extensions will not be used. > > Extensions should be tolerated by any TLS or SSLv3 server because provision of > additional data in the client hello is part of the specification. However some > buggy servers will choke on TLS extensions. That includes earlier versions of > OpenSSL unfortunately but this was fixed in 0.9.7c on 30 Sep 2003. Other > versions of OpenSSL should be OK. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > Development Mailing List [email protected] > Automated List Manager [email protected] > -- Regards Joshi Chandran ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
