> From: owner-openssl-users On Behalf Of Erwann Abalea
> Sent: Friday, October 11, 2013 08:49

> Le 11/10/2013 03:35, nehakochar a écrit :
> > Rajesh Malepati wrote
> >> On Wed, Jul 24, 2013 at 9:30 PM, kirpit <kirpit@> wrote:
> >> The server doesn't seem to care to respond to clients supporting TLS 1.2
<snip>
> > I ran into the same problem and then came across this thread. According to
> > http://tools.ietf.org/html/rfc5246#appendix-E: <snip>
> > Why then isn't the server responding at all to the Client Hello for TLS1.2?
> > Is this expected behavior with OpenSSL 1.0.1e? If it is, then this would
> > need to be fixed as it is not compliant with the RFC.
> 
> The server and client are both compliant.
> 
> With the first command, you tell the client to use TLS1.0 only. No more,
> no less. The server is ok with it, and both negotiate TLS1.0.
> With the second command, you tell the client to use TLS1.2 only, again
> no more no less. The server receives a TLS1.2 negotiation, replies with
> a TLS1.0 server hello message, and the client refuses it, cleanly
> (because you told it to do so).
> 
If the server responds with a lower version, yes the client refuses it
when told to require higher. That's not what the OP described, or what the 
earlier thread (and several others) said. They said *NOT ANY* response. 
I'm not sure about the particular thread cited here, but some threads 
said, and experiment confirmed, that the s_client default (no versions 
required or prohibited) also failed the same way.

That's broken, although it's arguably not actually noncompliant. 5246 
can't impose requirements on a 4346 or 2246 implementation; note 
the old-server behavior is worded as 'will' while the 1.2-client handling 
of downrev is 2119 MUST (send alert 70). Neither earlier RFCs nor 5246 
explicitly requires the server to handle ClientHello over about 256 bytes, 
which was observed to cause the problem, although since 3546 and 4346 
it's known that this message can and does grow, and a competent 
implementation should handle that reasonably.

> If you want to allow only TLS1.0, TLS1.1 and TLS1.2, use "-no_ssl2
> -no_ssl3" options instead.

1.0.0+ defaults to SSL3/TLS format so it already won't succeed in 
negotiating SSL2 even if you don't explicitly -no_ssl2. But this 
doesn't help with broken servers. As long as 1.2 is enabled, 
OpenSSL client sends the longer ClientHello. You can use -no_tls1_2 
to allow only lower versions, select a specific lower version, or restrict 
the cipherlist so that it shrinks the ClientHello small enough. 

And you should complain to the server operator(s) -- although if 
they're on old software and can't easily upgrade, that may not help.



______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
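The size argument made in the reply above (a client with TLS 1.2 enabled sends a ClientHello of more than about 256 bytes, and -no_tls1_2 or a restricted -cipher list shrinks it again) as an added worked example; this is not code from the thread or from OpenSSL. It serializes a ClientHello per RFC 5246 section 7.4.1.2 and measures the record that would go on the wire. The host name, the 25-curve and 15-entry signature_algorithms lists, the 256-byte limit, and the split of suites into "TLS 1.2 only" versus "legacy" are assumptions chosen to approximate an OpenSSL 1.0.1 s_client; the cipher-suite and extension IDs are real IANA values. The `cipher_filter` parameter models -cipher, `tls12=False` models -no_tls1_2.

```python
"""Model an OpenSSL-1.0.1-style ClientHello to see why enabling TLS 1.2 pushes it
past ~256 bytes on the wire and how the thread's mitigations shrink it. Added
example, not OpenSSL code; suite/curve lists approximate s_client defaults."""
import struct

# Real IANA suite IDs. The split is a modelling assumption: suites that only
# exist for TLS 1.2 (SHA-256/384 MACs, AES-GCM) are dropped when 1.2 is off.
TLS12_ONLY_SUITES = [
    0xC030, 0xC02C, 0xC028, 0xC024, 0xC02F, 0xC02B, 0xC027, 0xC023,
    0xC032, 0xC02E, 0xC02A, 0xC026, 0xC031, 0xC02D, 0xC029, 0xC025,
    0x009F, 0x006B, 0x009E, 0x0067, 0x009D, 0x003D, 0x009C, 0x003C,
    0x00A3, 0x006A, 0x00A2, 0x0040,
]
LEGACY_SUITES = [
    0xC014, 0xC00A, 0xC00F, 0xC005, 0xC013, 0xC009, 0xC00E, 0xC004,
    0x0039, 0x0038, 0x0035, 0x0033, 0x0032, 0x002F, 0x0088, 0x0087,
    0x0084, 0x0045, 0x0044, 0x0041, 0x009A, 0x0099, 0x0096, 0xC012,
    0xC008, 0xC00D, 0xC003, 0x0016, 0x0013, 0x000A, 0xC011, 0xC007,
    0xC00C, 0xC002, 0x0005, 0x0004,
]
SCSV = 0x00FF  # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746), always appended

HOST = "example.com"                       # constructed SNI value
ALL_CURVES = list(range(1, 26))            # the 25 named curves of RFC 4492
SIG_ALGS = [(h, s) for h in (6, 5, 4, 3, 2) for s in (1, 2, 3)]  # sha512..sha1 x rsa/dsa/ecdsa
LEGACY_LIMIT = 256                         # size the thread reports as the tipping point


def _ext(ext_type, payload):
    """extension_type(2) + extension_data<0..2^16-1>."""
    return struct.pack("!HH", ext_type, len(payload)) + payload

def server_name(host):                     # RFC 6066, type 0
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type=host_name
    return _ext(0x0000, struct.pack("!H", len(entry)) + entry)

def elliptic_curves(curve_ids):            # RFC 4492, type 10
    data = b"".join(struct.pack("!H", c) for c in curve_ids)
    return _ext(0x000A, struct.pack("!H", len(data)) + data)

def ec_point_formats():                    # RFC 4492, type 11: uncompressed only
    return _ext(0x000B, b"\x01\x00")

def session_ticket():                      # RFC 5077, type 35, empty on first connect
    return _ext(0x0023, b"")

def signature_algorithms(pairs):           # RFC 5246 7.4.1.4.1, type 13
    data = bytes(b for pair in pairs for b in pair)
    return _ext(0x000D, struct.pack("!H", len(data)) + data)


def build_client_hello(version, suites, extensions, random=bytes(32)):
    """Serialize a ClientHello (RFC 5246 7.4.1.2) inside a handshake record.
    A real client fills `random` with 32 random bytes; zeros keep this deterministic."""
    body = struct.pack("!H", version) + random
    body += b"\x00"                                                   # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                               # compression: null
    ext_blob = b"".join(extensions)
    if ext_blob:
        body += struct.pack("!H", len(ext_blob)) + ext_blob
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body         # type client_hello
    # Record-layer version kept at 3.1; RFC 5246 Appendix E.1 allows any 3.x here.
    return b"\x16" + struct.pack("!HH", 0x0301, len(handshake)) + handshake


def openssl_style_hello(tls12=True, cipher_filter=None):
    """tls12=False models -no_tls1_2; cipher_filter (set of suite IDs) models -cipher."""
    suites = (TLS12_ONLY_SUITES if tls12 else []) + LEGACY_SUITES
    if cipher_filter is not None:
        suites = [s for s in suites if s in cipher_filter]
    suites.append(SCSV)
    exts = [server_name(HOST), elliptic_curves(ALL_CURVES), ec_point_formats(), session_ticket()]
    if tls12:
        exts.append(signature_algorithms(SIG_ALGS))  # only offered when 1.2 is on offer
    return build_client_hello(0x0303 if tls12 else 0x0302, suites, exts)


def fits_legacy_server(record, limit=LEGACY_LIMIT):
    """True if the on-wire record stays within the size the old servers tolerate."""
    return len(record) <= limit


if __name__ == "__main__":
    cases = {
        "default (TLS 1.2 on)": openssl_style_hello(),
        "-no_tls1_2": openssl_style_hello(tls12=False),
        "-cipher AES128-SHA:AES256-SHA:DES-CBC3-SHA":
            openssl_style_hello(cipher_filter={0x002F, 0x0035, 0x000A}),
    }
    for label, rec in cases.items():
        print(f"{label:45s} {len(rec):4d} bytes  fits={fits_legacy_server(rec)}")
```

The model reproduces the reply's point: with every suite and the signature_algorithms extension on offer the record lands around 300 bytes, while either mitigation brings it back under the limit. Only the record the client sends is modelled; no server is contacted, so run it offline and compare against a real capture from `openssl s_client` if you want to calibrate the suite list.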
