On Thu, May 21, 2015 at 04:10:36PM +0800, King Cao wrote:

> I execute openssl and posttls-finger on the same machine, below are the ldd
> output.
>
> ldd /usr/bin/openssl
> ...
> libssl.so.10 => /usr/lib64/libssl.so.10 (0x0000003b66c00000)
> libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x0000003b64400000)
> ...

Is this the first "openssl" on your PATH? Your examples are for
"openssl" without an explicit "/usr/bin" prefix.

> ldd ./posttls-finger
> ...
> libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007f4f16516000)
> libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007f4f16135000)
> ...

This is, I am guessing, OpenSSL 1.0.x. Please post the output of:
"openssl version -a" and "/usr/bin/openssl version -a"

>
>
> # openssl ciphers 'ALL:+RC4:!3DES:@STRENGTH' -v| egrep -n 'RC4-MD5'

This is not the right way to find the offset, because you're counting
ciphers that are disabled in the absence of SRP or PSK shared secrets
and/or Kerberos credentials.

To really determine what the difference is, decode the two SSL client
HELO messages with wireshark.

Also, not disclosing the server name or IP address is a major
impediment to getting help with this issue. I am much less effective
when blindfolded.

--
Viktor.
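
Added example, not part of the original message: a Python sketch of the comparison the reply recommends, reading the cipher suite list in offered order from two ClientHello records and reporting where RC4-MD5 sits in each. It assumes each input is one complete, unfragmented TLS record; the two sample hellos, `build_hello` and `compare` are constructed for illustration.

```python
import struct

# IANA codes for the suites used in the constructed samples below.
NAMES = {0x0004: "RC4-MD5", 0x0005: "RC4-SHA", 0x002F: "AES128-SHA",
         0x0035: "AES256-SHA", 0x00FF: "SCSV"}

def client_hello_suites(record: bytes) -> list:
    """Cipher suite codes, in offered order, from one complete ClientHello record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack(">H", record[3:5])
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4 or body[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:
        raise ValueError("ClientHello too short or split across records")
    pos = 2 + 32                          # skip client_version and random
    pos += 1 + hello[pos]                 # skip session_id
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    suites = hello[pos + 2:pos + 2 + cs_len]
    if cs_len == 0 or cs_len % 2 or len(suites) != cs_len:
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(suites[i:i + 2], "big") for i in range(0, cs_len, 2)]

def build_hello(suites) -> bytes:
    """Build a minimal ClientHello record (sample input only, no extensions)."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = b"\x03\x03" + bytes(32) + b"\x00" + len(cs).to_bytes(2, "big") + cs + b"\x01\x00"
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

def compare(a: bytes, b: bytes, code: int = 0x0004):
    """1-based position of `code` in each hello, and suites only one side offers."""
    sa, sb = client_hello_suites(a), client_hello_suites(b)
    pos = [s.index(code) + 1 if code in s else None for s in (sa, sb)]
    return pos[0], pos[1], [NAMES.get(c, hex(c)) for c in sorted(set(sa) ^ set(sb))]

# Constructed samples: client B does not offer RC4-SHA, so RC4-MD5 moves up one slot.
HELLO_A = build_hello([0x0035, 0x002F, 0x0005, 0x0004, 0x00FF])
HELLO_B = build_hello([0x0035, 0x002F, 0x0004, 0x00FF])
```

The positions come from what each client actually put on the wire, so suites the library silently dropped never enter the count.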