Hi Eren! On Mon, 16 Nov 2009 01:19:11 +0200 Eren Türkay <e...@pardus.org.tr> wrote:
> > The only way to get established ssl handshake openssl s_client is > > to use the -ssl3 option. In some cases such as: > > This is the same situation in 0.9.8-stable branch, too. The only way > to connect to the server is -ssl3 option. With -tls1, openssl cannot > get hello message from the server. Problem reported by Tomas should be unrelated to the recent renegotiation fixes as it's reproducible with 0.9.8k too (when using -tls1 argument for s_client) and -no_ticket was reported to help. > However, when I pass -tls1 option, localhost just works fine.. Also, > renegotiation is done. If I'm not wrong, 0.9.8-stable branch contains > TLS extension for renegotiation issue. ... > I think, there are some problems with s_client, rather than > implementation. As seen from this, -tls1 option works fine with newer > openssl on both client and server. The difference between 1.0.0 and 0.9.8 should be caused by what I mentioned here (different client hello versions): http://marc.info/?l=openssl-dev&m=125803022028046&w=2 The same difference between versions is likely to be the reason why the openfire issue was only reported for 1.0.0. th. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
