Hi,

On 04/23/2014 10:10 AM, Gert Doering wrote:
> On Tue, Apr 22, 2014 at 10:58:22PM -0400, Timothe Litt wrote:
>> It does not appear to be the negotiation, rather it's TLS1.2.
>
> This is quite cool, thank you. (I'm not enough of a crypto geek to
> make real sense out of it, but it's quite useful to understand where
> it is failing, and I appreciate that you took the time to dig into it)
>
> Steffan, Arne, any ideas?

This sounds very plausible, yes. I've seen situations in which an OpenSSL 2.3.3 client refuses to connect to a PolarSSL 1.2.10 server. I tried to reproduce that in a test setup last night, but did not manage to make it break. So I'm still a bit in the dark on the real cause.

For the 'fix the breaking asap', maybe we should add a --tls-version-max if that really resolves the problem.

-Steffan