Hello,

> > > It seems the OpenSSL TLS server, when forced to use TLSv1,
> > > shuts down the connection immediately after receiving a
> > > ClientHello with major version number not equal to 0x03.
> > > Nothing was sent to the client to notify the error.
> >
> > What could be sent to the client to notify it of the error? Since the server
> > was forced to speak TLSv1, and all evidence suggests the client does not
> > speak TLSv1, what format should the error notification take?
> Depends.
> If SSL3-only client connects to TLS1-only
> server then SSL3 alert message will be sent to client (by server).
> If SSL2 handshake is sent by client to server (with SSL3/TLS1
> proposition or not) TCP socket will be closed by server.

This statement is for OpenSSL only, but after looking at that a second time
I think that this is a bug. Why is the TLS1 proposition rejected when sent in an
SSL2 client_hello packet, and the TCP connection closed (instead of sending
an alert message)? SSL2 client_hello is a compatibility method here.
This connection should not be closed but established in TLS1 mode.

In GNUTLS this works ok and in any case (SSL2/SSL3/TLS1/TLS11)
a proper alert message is returned to the client.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
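
The framing distinction this thread turns on, as an added example that is not part of the original message and is not OpenSSL's or GnuTLS's code: the version a client offers sits at a different offset in an SSLv2-compatible hello than in an SSL3/TLS record, so a TLSv1-only server has to read the offered version before deciding between negotiating, alerting, or closing. The hello byte strings are constructed and truncated to their headers; sending `handshake_failure` to an SSL3-only client and closing when the major version is not 0x03 are assumptions of this sketch, and the function names are hypothetical.

```python
import struct

ALERT_RECORD = 0x15        # SSL3/TLS content type "alert"
FATAL = 2
HANDSHAKE_FAILURE = 40     # SSL 3.0 has no protocol_version alert (TLS 1.0 added code 70)

# Constructed sample inputs (headers only, hello bodies omitted).
SSL2_COMPAT_TLS1 = bytes.fromhex("802e010301")              # SSLv2 framing, offers 3.1
SSL2_ONLY        = bytes.fromhex("802e010002")              # SSLv2 framing, offers 0.2
SSL3_ONLY        = bytes.fromhex("160300002d0100002903 00".replace(" ", ""))
TLS1_RECORD      = bytes.fromhex("160301002d0100002903 01".replace(" ", ""))

def classify_client_hello(data: bytes):
    """Return (framing, (major, minor)) offered by the first bytes from a client."""
    # SSLv2 framing: 2-byte header with the high bit set, msg type 1, then version.
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        return "sslv2", (data[3], data[4])
    # SSL3/TLS framing: record type 22, record version, 2-byte length,
    # handshake type 1, 3-byte handshake length, client_version at offset 9.
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        return "record", (data[9], data[10])
    return "unknown", None

def alert(version, description):
    """Build a fatal alert record framed with the given (major, minor) version."""
    return struct.pack("!BBBHBB", ALERT_RECORD, version[0], version[1],
                       2, FATAL, description)

def tls1_only_server_response(data: bytes):
    """Decide what a TLSv1-only server does with this ClientHello (sketch)."""
    framing, offered = classify_client_hello(data)
    if offered is None or offered[0] != 0x03:
        # No SSL3/TLS version offered, so no alert framing the client would
        # parse (assumption of this sketch): close the socket.
        return ("close", b"")
    if offered >= (3, 1):
        # TLS1 or later was offered, whichever framing carried it:
        # the handshake can continue in TLS1 mode.
        return ("negotiate_tls1", b"")
    # SSL3-only client: answer with an alert framed as SSL 3.0.
    return ("alert", alert(offered, HANDSHAKE_FAILURE))

if __name__ == "__main__":
    for name in ("SSL2_COMPAT_TLS1", "SSL2_ONLY", "SSL3_ONLY", "TLS1_RECORD"):
        action, payload = tls1_only_server_response(globals()[name])
        print(f"{name:18} -> {action:15} {payload.hex()}")
```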