Re: TLS version in ssl protocol header
On 5/2/2013 12:41 AM, Indtiny s wrote:
> Hi,
>
> Actually I added ECC cipher suite support for the openssl 1.0.1c version for my requirement. I tried setting these options in 1.0.1c (SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2), but it did not work. Is it not possible to set this in 1.0.1c?

There is at least one related bug fixed in later 1.0.1 releases, try 1.0.1e

> Content Type: Handshake (22)
> *Version: TLS 1.2 (0x0303)*

Is this a dump of the output from your 1.0.1c with those options? Looks like it worked anyway then...

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
Re: TLS version in ssl protocol header
Hi,

Actually I did not add my cipher to 1.0.1c in such a way that it can be easily added to the new version of openssl. So it may kill more of my time if I want to do the same changes in 1.0.1e. So what do you suggest here? Adding my changes to the new openssl, or is there any workaround?

> Content Type: Handshake (22)
> *Version: TLS 1.2 (0x0303)*

No.. This is the format which I want to add in the Client hello

--Indra
Re: TLS version in ssl protocol header
On 5/2/2013 3:39 PM, Indtiny s wrote:
> Hi,
>
> Actually I did not add my cipher to 1.0.1c in such a way that it can be easily added to the new version of openssl. So it may kill more of my time if I want to do the same changes in 1.0.1e. So what do you suggest here? Adding my changes to the new openssl, or is there any workaround?
>
> > Content Type: Handshake (22)
> > *Version: TLS 1.2 (0x0303)*
>
> No.. This is the format which I want to add in the Client hello

Ok, it is beyond what I know at this point, maybe someone more intimately involved with that part of the OpenSSL code can give you a better answer.

Any takers?

Enjoy

Jakob
Re: TLS version in ssl protocol header
On Tue, Apr 30, 2013, Indtiny s wrote:
> Hi,
>
> I have compiled libcurl with openssl. When I tried for some TLS handshake, in the Client hello:
>
> Content Type: Handshake (22)
> *Version: TLS 1.0 (0x0301)*
> Handshake Protocol: Client Hello
> Handshake Type: Client Hello (1)
> Version: TLS 1.2 (0x0303)
>
> Due to some requirement, the server looks for the same version as well. I need to send a Client hello as below:
>
> Content Type: Handshake (22)
> *Version: TLS 1.2 (0x0303)*
> Handshake Protocol: Client Hello
> Handshake Type: Client Hello (1)
> Version: TLS 1.2 (0x0303)
>
> How to set the openssl to send a hello packet as above?

Currently you can't without modifying the source code.

When the first version of OpenSSL supporting TLS 1.2 was released a significant number of servers would just hang on receiving the client hello. One workaround was to use version 0x0301 in the initial client hello, this was added to subsequent releases.

If you are using SSLv23_*method then you can change the code around line 793 of s23_clnt.c

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
Re: TLS version in ssl protocol header
On Thu, May 02, 2013, Dr. Stephen Henson wrote:
> On Tue, Apr 30, 2013, Indtiny s wrote:
> > Hi,
> >
> > I have compiled libcurl with openssl. When I tried for some TLS handshake, in the Client hello:
> >
> > Content Type: Handshake (22)
> > *Version: TLS 1.0 (0x0301)*
> > Handshake Protocol: Client Hello
> > Handshake Type: Client Hello (1)
> > Version: TLS 1.2 (0x0303)
> >
> > Due to some requirement, the server looks for the same version as well. I need to send a Client hello as below:
> >
> > Content Type: Handshake (22)
> > *Version: TLS 1.2 (0x0303)*
> > Handshake Protocol: Client Hello
> > Handshake Type: Client Hello (1)
> > Version: TLS 1.2 (0x0303)
> >
> > How to set the openssl to send a hello packet as above?
>
> Currently you can't without modifying the source code.
>
> When the first version of OpenSSL supporting TLS 1.2 was released a significant number of servers would just hang on receiving the client hello. One workaround was to use version 0x0301 in the initial client hello, this was added to subsequent releases.

Minor clarification.. version 0x0301 at the record layer in the initial client hello.

Steve.
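Added example (not part of the original thread and not OpenSSL code): a small C parser that reads the two version fields the thread distinguishes, the record-layer version and the ClientHello version, from the start of a captured record. The function, enum and sample names are hypothetical, and the sample bytes are constructed to match the two dumps quoted in the thread (the length fields are made up).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names for this example; none of this is OpenSSL API. */
enum { CH_OK = 0, CH_TRUNCATED = -1, CH_NOT_HANDSHAKE = -2,
       CH_BAD_LENGTH = -3, CH_NOT_CLIENT_HELLO = -4 };

struct hello_versions {
    uint16_t record_version; /* TLSPlaintext.version: record header bytes 1-2 */
    uint16_t client_version; /* ClientHello.client_version: record bytes 9-10 */
};

/* Read both version fields from the start of a captured TLS record. */
int parse_hello_versions(const uint8_t *buf, size_t len, struct hello_versions *out)
{
    if (len < 5) return CH_TRUNCATED;            /* type + version + length */
    if (buf[0] != 22) return CH_NOT_HANDSHAKE;   /* Content Type: Handshake (22) */
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    if (rec_len < 6) return CH_BAD_LENGTH;       /* handshake header (4) + version (2) */
    if (len < 11) return CH_TRUNCATED;
    if (buf[5] != 1) return CH_NOT_CLIENT_HELLO; /* Handshake Type: Client Hello (1) */
    out->record_version = (uint16_t)((buf[1] << 8) | buf[2]);
    out->client_version = (uint16_t)((buf[9] << 8) | buf[10]);
    return CH_OK;
}

/* Constructed samples: first 11 bytes of a ClientHello record for each dump. */
static const uint8_t hello_compat[] = { 0x16, 0x03, 0x01, 0x00, 0x2e,
                                        0x01, 0x00, 0x00, 0x2a, 0x03, 0x03 };
static const uint8_t hello_strict[] = { 0x16, 0x03, 0x03, 0x00, 0x2e,
                                        0x01, 0x00, 0x00, 0x2a, 0x03, 0x03 };

static void report(const char *name, const uint8_t *buf, size_t len)
{
    struct hello_versions v;
    int rc = parse_hello_versions(buf, len, &v);
    if (rc != CH_OK) { printf("%s: parse error %d\n", name, rc); return; }
    printf("%s: record layer 0x%04x, client hello 0x%04x%s\n", name,
           v.record_version, v.client_version,
           v.record_version == v.client_version ? "" : " (versions differ)");
}

int main(void)
{
    report("compat", hello_compat, sizeof hello_compat);
    report("strict", hello_strict, sizeof hello_strict);
    return 0;
}
```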
Re: TLS version in ssl protocol header
Hi,

Actually I added ECC cipher suite support for the openssl 1.0.1c version for my requirement. I tried setting these options in 1.0.1c (SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2), but it did not work. Is it not possible to set this in 1.0.1c?

Content Type: Handshake (22)
*Version: TLS 1.2 (0x0303)*

--Indra
Re: TLS version in ssl protocol header
On 5/1/2013 3:55 AM, Indtiny s wrote:
> Hi,
>
> I have compiled libcurl with openssl. When I tried for some TLS handshake, in the Client hello:
>
> Content Type: Handshake (22)
> *Version: TLS 1.0 (0x0301)*
> Handshake Protocol: Client Hello
> Handshake Type: Client Hello (1)
> Version: TLS 1.2 (0x0303)
>
> Due to some requirement, the server looks for the same version as well. I need to send a Client hello as below:
>
> Content Type: Handshake (22)
> *Version: TLS 1.2 (0x0303)*
> Handshake Protocol: Client Hello
> Handshake Type: Client Hello (1)
> Version: TLS 1.2 (0x0303)
>
> How to set the openssl to send a hello packet as above?

Use OpenSSL library version 1.0.1e or later and pass the option bits:

SSL_OP_NO_TLSv1_1|SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2

Enjoy

Jakob