On 28/11/16 21:58, Blumenthal, Uri - 0553 - MITLL wrote:
>> I can't reproduce this. But on the other hand I don't have previous
>> installation on --prefix.
> But did you add “enable-tls1_3” to your config?
>> I mean I would guess this is because test
>> program picks shared libraries at --prefix locations instead of just
>> built ones, and those don't recognize 19-mac-then-encrypt.conf options.
>> Originally shlib_wrap.sh had DYLD_INSERT_LIBRARIES to make it work, but
>> it appears to be gone now... You should be able to confirm this by
>> temporarily renaming --prefix location and running 'make test' or
>> forcing install without testing...
> I forced the install without testing, and then re-ran the entire build and 
> test. I’m getting the very same problem.  I must also say that I’ve been 
> tracking 1.1 branch for a very long time, always using this approach (without 
> even forcing the install – it did not seem confused regarding what libraries 
> to link against). 
> The only thing that changed for this build now was addition of 
> “enable-tls1_3” config option (and of course, pulling the latest stuff from 
> the master).
> Removing “enable-tls1_3” and reconfiguring makes this error disappear. So I 
> think it’s somewhere in tls1_3 code. ;-)

The problem is in the test. Version negotiation happens before cipher
selection. The test creates a connection which negotiates TLSv1.3. It
then attempts to select a cipher. However no TLSv1.3 ciphers are offered
by the test so the connection aborts. In truth the test is all about
mac-then-encrypt which doesn't apply to TLSv1.3 anyway, so the test
should just disable negotiation of that protocol version.
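
The failure and the proposed fix, modelled as an added example (not OpenSSL code and not part of the original message). The suite table, the function names and the `client_max` cap are assumptions made for illustration:

```python
# Simplified model of "version first, cipher second" negotiation.
# Illustrative only: this is not how OpenSSL is implemented internally.

VERSIONS = ["TLSv1.3", "TLSv1.2"]  # highest preference first

# Constructed sample table: protocol versions each suite can be used with.
SUITE_VERSIONS = {
    "AES128-SHA": {"TLSv1.2"},              # CBC suite, where mac-then-encrypt applies
    "TLS_AES_128_GCM_SHA256": {"TLSv1.3"},  # AEAD suite, TLSv1.3 only
}


class HandshakeFailure(Exception):
    """Raised when the modelled handshake cannot complete."""


def offered_versions(max_protocol):
    """Versions an endpoint offers, given its (hypothetical) protocol cap."""
    return VERSIONS[VERSIONS.index(max_protocol):]


def negotiate(client_ciphers, server_ciphers,
              client_max="TLSv1.3", server_max="TLSv1.3"):
    # Step 1: the protocol version is fixed before any cipher is considered.
    server_versions = offered_versions(server_max)
    shared = [v for v in offered_versions(client_max) if v in server_versions]
    if not shared:
        raise HandshakeFailure("no shared protocol version")
    version = shared[0]
    # Step 2: only suites valid for that version are candidates. There is
    # no fallback to a lower version if this step finds nothing.
    for suite in server_ciphers:
        if suite in client_ciphers and version in SUITE_VERSIONS[suite]:
            return version, suite
    raise HandshakeFailure("no shared cipher for " + version)


if __name__ == "__main__":
    server = ["TLS_AES_128_GCM_SHA256", "AES128-SHA"]
    test_client = ["AES128-SHA"]  # the test only offers a CBC suite
    try:
        negotiate(test_client, server)
    except HandshakeFailure as exc:
        print("uncapped test client:", exc)
    # Capping the test at TLSv1.2 keeps TLSv1.3 out of the negotiation.
    print("capped test client:", negotiate(test_client, server, client_max="TLSv1.2"))
```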


openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
