I am testing a Java 1.6.x SSL client against Apache httpd 2.2.21
compiled against OpenSSL 1.0.1 beta 1.

The Java client refuses to connect to the server, complaining about
unsupported type_15 extension.

Network traffic capture shows the server responding to an
uninteresting TLS 1.0 ClientHello (without any extensions) with a
ServerHello that does indeed contain extension 15. The bytes are: 00
0f 00 01 01. My understanding is that the server should not be
responding with any ServerHello extensions the client did not ask for.
The RFC states that clients should abandon such connections, which is
what the Java client is doing.

The extension is also there when I connect with an older version of
OpenSSL, but it seems that the OpenSSL client ignores it. Firefox and
Chrome, on the other hand, do not, and bail out.
--
Ivan Ristić
__
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
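
The kind of check described in the message above, as an added example that is not part of the original post or of any project's code: parse both hellos and list the ServerHello extension types the ClientHello did not offer. The function names are hypothetical, the sample hellos are constructed around the five bytes quoted in the message, and the renegotiation_info allowance for the RFC 5746 SCSV goes beyond the case the message describes.

```python
import struct

RENEGOTIATION_INFO = 0xFF01   # RFC 5746 extension type
EMPTY_RENEGO_SCSV = 0x00FF    # RFC 5746 signalling cipher suite value

def _extensions(body, pos):
    """Return {type: data} for the optional extensions block at pos."""
    exts = {}
    if pos == len(body):                      # hello without extensions
        return exts
    (total,) = struct.unpack_from("!H", body, pos)
    pos, end = pos + 2, pos + 2 + total
    if end != len(body):
        raise ValueError("extensions length does not match hello body")
    while pos < end:
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        exts[ext_type] = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
    if pos != end:
        raise ValueError("truncated extension")
    return exts

def parse_client_hello(body):
    """Return (cipher suites, extensions) from a ClientHello handshake body."""
    pos = 2 + 32                              # client_version + random
    pos += 1 + body[pos]                      # session_id
    (n,) = struct.unpack_from("!H", body, pos)
    suites = struct.unpack_from("!%dH" % (n // 2), body, pos + 2)
    pos += 2 + n
    pos += 1 + body[pos]                      # compression_methods
    return set(suites), _extensions(body, pos)

def parse_server_hello(body):
    """Return the extensions from a ServerHello handshake body."""
    pos = 2 + 32                              # server_version + random
    pos += 1 + body[pos]                      # session_id
    pos += 2 + 1                              # cipher_suite + compression_method
    return _extensions(body, pos)

def unsolicited_extensions(client_hello, server_hello):
    """Extension types in the ServerHello that the ClientHello did not offer."""
    suites, offered = parse_client_hello(client_hello)
    allowed = set(offered)
    if EMPTY_RENEGO_SCSV in suites:           # SCSV solicits renegotiation_info
        allowed.add(RENEGOTIATION_INFO)
    return sorted(set(parse_server_hello(server_hello)) - allowed)

# Constructed sample hellos (TLS 1.0, zeroed random, empty session id).
CLIENT_HELLO = bytes.fromhex("0301" + "00" * 32 + "00" + "0002002f" + "0100")
SERVER_HELLO = bytes.fromhex("0301" + "00" * 32 + "00" + "002f00" + "0005000f000101")
```

The inputs are handshake message bodies, that is, the bytes after the 4-byte handshake header inside the TLS record.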