On Thu, May 21, 2015 at 09:33:41AM +0200, Anvesh Vagiri via RT wrote: > Hi, > > Since the upgrade to openssl 1.0.1e, i could see failures in ssl handshake. > I found that as the below commit mentions about a workaround about trying > to use the flags OPENSSL_MAX_TLS1_2_CIPHER_LENGTH and OPENSSL_NO_TLS1_2_CLIENT > . > > For me the second flag finally worked and disabling TLS 1.2 fixed the > issue. But im looking for a permanent fix instead of this workaround. Was > there a complete fix done for this issue.
The fix is to fix the other end, some firewall or ssl accelerator. This is not a bug in OpenSSL, this is a workaround for other broken products. If you're trying to connect to a public web site, the following URL might be able to tell what's wrong with the other side: https://www.ssllabs.com/ssltest/ It's most likely version intolerant, since the first define didn't help. You probably also only get a TLS 1.0 connection and not even a 1.1 connection. Kurt _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
