[openssl.org #1527] bug report - interop between TLS 1.1 and TLS 1.0 is not working
Can't reproduce. Very old versions. No additional info provided. Closing ticket. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
Re: [openssl.org #1527] bug report - interop between TLS 1.1 and TLS 1.0 is not working
We have some interop issue between TLS 1.0 and TLS 1.1. Our application is based on OpenSSL 0.9.7 version (Linux - Operation system). This is Radvision SIP stack and oSIP stack. I don't quite understand. Does OpenSSL act as server or client? You must be referring to server... It doesn't work with one of two possible scenarios: 1) Client sends hello request to server where indicates that the latest supported version it is TLS 1.1. Server accepts this request but doesn't send back to client server hello request where should indicate the latest supported version for him TLS 1.0. After that the connection is dropped. (In correct behavior, server should send back to client server hello request with TLS 1.0 and after that client should re-send hello request but already using TLS 1.0). If we assume that OpenSSL acts as server, then I can't confirm this. I tried to send TSL 1.1 headers to 'openssl s_server' and it does not prevent it from responding with TLS 1.0 server hello. If we assume OpenSSL acts as client then it has to be modified version and then it's your responsibility... A. __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
[openssl.org #1527] bug report - interop between TLS 1.1 and TLS 1.0 is not working
Hi All, We have some interop issue between TLS 1.0 and TLS 1.1. Our application is based on OpenSSL 0.9.7 version (Linux - Operation system). This is Radvision SIP stack and oSIP stack. It doesn't work with one of two possible scenarios: 1) Client sends hello request to server where indicates that the latest supported version it is TLS 1.1. Server accepts this request but doesn't send back to client server hello request where should indicate the latest supported version for him TLS 1.0. After that the connection is dropped. (In correct behavior, server should send back to client server hello request with TLS 1.0 and after that client should re-send hello request but already using TLS 1.0). 2) The second scenario works properly. Client sends hello request with TLS 1.0 to server which already supports TLS 1.1. Server accepts client request and answers by server request with TLS 1.0. Do you know such issue? Does the latest version of OpenSSL have the fix which solves issue? Thanks, Ilya Kudryashov inline: winmail.dat
Re: [openssl.org #1527] bug report - interop between TLS 1.1 and TLS 1.0 is not working
Hi, There are quite a few known issues with TLS 1.0/SSL v3 servers and TLS 1.1 and/or TLS Extensions. I've documented these problems in an IETF draft, draft-ietf-tls-interoperability-00.txt, which has now expired. A copy of the most recent draft is available via my archive link in URL: http://my.opera.com/yngve/blog/2006/10/16/more-about-tls-interoperability More background is available from my first announcement article URL: http://my.opera.com/yngve/blog/show.dml/319177 The only way to handle this is to try a connection using the TLS features and fall back if it fails. Opera 9 does this by testing TLS 1.0 then working up to TLS 1.1 and TLS Extensions in small steps. On Wed, 23 May 2007 17:50:54 +0200, Ilya Kudryashov via RT [EMAIL PROTECTED] wrote: Hi All, We have some interop issue between TLS 1.0 and TLS 1.1. Our application is based on OpenSSL 0.9.7 version (Linux - Operation system). This is Radvision SIP stack and oSIP stack. It doesn't work with one of two possible scenarios: 1) Client sends hello request to server where indicates that the latest supported version it is TLS 1.1. Server accepts this request but doesn't send back to client server hello request where should indicate the latest supported version for him TLS 1.0. After that the connection is dropped. (In correct behavior, server should send back to client server hello request with TLS 1.0 and after that client should re-send hello request but already using TLS 1.0). 2) The second scenario works properly. Client sends hello request with TLS 1.0 to server which already supports TLS 1.1. Server accepts client request and answers by server request with TLS 1.0. Do you know such issue? Does the latest version of OpenSSL have the fix which solves issue? Thanks, Ilya Kudryashov -- Sincerely, Yngve N. Pettersen Senior Developer Email: [EMAIL PROTECTED] Opera Software ASA http://www.opera.com/ Phone: +47 24 16 42 60 Fax:+47 24 16 40 01 __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
