On Tue, Mar 30, 2010 at 7:35 AM, Thomas Jarosch <thomas.jaro...@intra2net.com> wrote: > 28141:error:14092073:SSL routines:SSL3_GET_SERVER_HELLO:bad packet > length:s3_clnt.c:878: > > openssl is compiled with the "no-tlsext" option. no-tlsext was added back > in 2009 as openssl 0.9.8j had trouble connecting to a Centos 3 based server. > (http://marc.info/?l=openssl-dev&m=123192990505188) > > openssl-0.9.8m is also affected. Any idea what might be going on?
A tcpdump would be very helpful. It might be that the reneg extension is sent even with no-tlsext, although I haven't checked the code. (But if the server is TLS intolerant, then it's really time to fix the server.) AGL -- Adam Langley a...@imperialviolet.org http://www.imperialviolet.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
