On Mon Nov 24 09:40:37 2014, aliosa.janko...@gmail.com wrote: > The connection to www.vehicleenquiry.service.gov.uk fails with openssl > 1.0.1j even if it works well in IE and Google Chrome. This is actually a > regression because it works well even in openssl 1.0.0o version. I > discovered the issue in fancybrowser example from Qt distribution which is > using the openssl 1.0.1j. As I mentioned, the same code works well with > openssl 1.0.0o. >
I can reproduce this problem. This appears to be a buggy version intolerant server. One of the key differences between OpenSSL version 1.0.0 and 1.0.1 is that the latter supports TLS1.1 and TLS1.2. This server only appears to want to talk TLS1.0 and is intolerant of anything above that. A successful connection can be achieved from 1.0.1 to this server using the following command line: openssl s_client -connect www.vehicleenquiry.service.gov.uk:443 -tls1 But this fails: openssl s_client -connect www.vehicleenquiry.service.gov.uk:443 -tls1_1 The ClientHello messages sent by the above two commands are practically identical, except the first sends this: Header: Version = TLS 1.0 (0x301) Content Type = Handshake (22) Length = 248 ClientHello, Length=244 client_version=0x301 (TLS 1.0) Random: gmt_unix_time=0x780E9101 random_bytes (len=28): 2CA6B1EA88AE4556927747E20844693556F62432145041839C7CCB19 ... and the second sends this: Header: Version = TLS 1.0 (0x301) Content Type = Handshake (22) Length = 248 ClientHello, Length=244 client_version=0x302 (TLS 1.1) Random: gmt_unix_time=0x4BF7104C random_bytes (len=28): 052497190EA6BDA167B872674DD72DC4BAB128AF7B32B07FE28C8C49 ... The rest of the Client Hello is basically the same. On receipt of a TLS1.1 or TLS1.2 ClientHello the server is shutting down the connection with no alert sent. Expected behaviour is that it will respond with a ServerHello with TLS1.0 selected. The most likely reason that Chrome/IE are working correctly is that they implement fallback to work around buggy version intolerant servers. Essentially they will try with a TLS1.2 ClientHello, and if that fails they'll try a TLS1.1 ClientHello, and so on. Applications written using OpenSSL can do this too, but it's an application responsibility not an OpenSSL one. Note that if you do this then you should use SSL_MODE_SEND_FALLBACK_SCSV for any retries (not the first attempt). See https://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html for details. Closing this ticket. Matt ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
