I am testing a Java 1.6.x SSL client against Apache httpd 2.2.21 compiled against OpenSSL 1.0.1 beta 1.
The Java client refuses to connect to the server, complaining about unsupported "type_15" extension. Network traffic capture shows the server responding to an uninteresting TLS 1.0 ClientHello (without any extensions) with a ServerHello that does indeed contain extension 15. The bytes are: 00 0f 00 01 01. My understanding is that the server should not be responding with any ServerHello extensions the client did not ask for. The RFC states that clients should abandon such connections, which is what the Java client is doing. The extension is also there when I connect with an older version of OpenSSL, but it seems that the OpenSSL client ignores it. Firefox and Chrome, on the other hand, do not, and bail out. -- Ivan Risti? ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org