>> Results using prexit are attached.
>> Openssl v1.0.1 beta 2 compiled on
>> powerppc/linux
>> Vs
>> Win2008 R2 64bit IIS7 set to require client auth
>> Command issued:
>> openssl s_client -connect stk-tms.a51.lab:443 -cert
>> /config/lighttpd/ssl.pem -CAfile /user/http_calist.pem -prexit -state
>> Output attached
>>
>
> I've developed this workaround:
>
> http://cvs.openssl.org/chngview?cn=22087
>
> It seems OK on my test server. Let me know of any problems.

It's probably appropriate to clarify for public reference that you managed to trace the problem down to "client_version" field in RSA premaster secret. Quoting RFC 2246, 7.4.7.1. RSA encrypted premaster secret message.

"client_version
    The latest (newest) version supported by the client. This is used to detect version roll-back attacks. Upon receiving the premaster secret, the server should check that this value matches the value transmitted by the client in the client hello message."

Formulation arguably leaves room for interpretation whether "hello message" refers to initial one or last one from renegotiation. I mean I can imagine it to be interpreted as "last" one in which case [provided that "matches" means "equality"] it should fail. Maybe using TLS 1.2 hello even in renegotiation would be more fool-proof...

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
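
Added example, not part of the original thread and not OpenSSL or IIS code: a server-side check of the premaster secret's client_version under both readings of "the client hello message" discussed above. The struct, function names and the version values (0x0303 in the first hello, 0x0301 in the renegotiation hello) are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define PMS_LEN 48  /* RFC 2246 7.4.7.1: 2-byte client_version + 46 random bytes */

enum hello_ref { HELLO_INITIAL, HELLO_LATEST };

struct conn_versions {       /* hypothetical server-side bookkeeping */
    uint16_t initial_hello;  /* client_version of the first ClientHello */
    uint16_t latest_hello;   /* client_version of the most recent ClientHello */
};

/* Returns 1 if the decrypted premaster secret passes the roll-back check
 * under the chosen reading, else 0. "Matches" is read as strict equality.
 * A production server must not let this result become an observable
 * decryption oracle; this sketch only shows the comparison itself. */
int pms_version_ok(const uint8_t *pms, size_t len,
                   const struct conn_versions *cv, enum hello_ref ref)
{
    if (pms == NULL || cv == NULL || len != PMS_LEN)
        return 0;
    uint16_t in_pms = (uint16_t)((pms[0] << 8) | pms[1]);
    uint16_t expect = (ref == HELLO_INITIAL) ? cv->initial_hello
                                             : cv->latest_hello;
    return in_pms == expect;
}

/* Build a constructed premaster secret carrying the given version. */
void make_pms(uint8_t pms[PMS_LEN], uint16_t version)
{
    pms[0] = (uint8_t)(version >> 8);
    pms[1] = (uint8_t)(version & 0xff);
    for (size_t i = 2; i < PMS_LEN; i++)
        pms[i] = (uint8_t)i;  /* filler bytes, not real randomness */
}

int main(void)
{
    struct conn_versions cv = { 0x0303, 0x0301 };  /* constructed values */
    uint16_t sent[] = { 0x0303, 0x0301 };
    uint8_t pms[PMS_LEN];
    for (size_t i = 0; i < 2; i++) {
        make_pms(pms, sent[i]);
        printf("pms=0x%04x initial-reading=%d latest-reading=%d\n", sent[i],
               pms_version_ok(pms, PMS_LEN, &cv, HELLO_INITIAL),
               pms_version_ok(pms, PMS_LEN, &cv, HELLO_LATEST));
    }
    return 0;
}
```

Whenever the two hellos advertise different versions, no single client_version value satisfies both readings, which is why sending the same version in every hello removes the ambiguity.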