>> - sourceforge.net > > This one still fails, but I believe that that was caused by the > load balancer of F5 Networks (Big IP).
And there is no good solution for it, except for updating load balancer software. The only thing one can do otherwise is to minimize ClientHello by aggressively excluding ciphers. But you have to keep in mind to disable enough to accommodate even session-id, so that you won't suffer from the problem upon attempt to resume. For example it's possible to 'apps/openssl s_client -connect sourceforge.net:443 -no_tls1_2 -no_tls1_1', *but* if you save session data and try to resume, you're stuck... To resume you'd have to complement it with e.g. -cipher DEFAULT:\!EXPORT:\!DES:\!SEED... ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
