> More generally, I have found that it is often useful to heuristically adjust
> server side negotiation options based on clues found in the initial handshake
YES!
See https://github.com/openssl/openssl/pull/1597
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/lis
On 27/10/2016 00:48, Matt Caswell wrote:
On 26/10/16 21:06, Michael Kocum wrote:
1.1.0b fails to negotiate from an old program that uses OpenSSL.
The same old program can connect to 1.0.2h without any problem.
Here is the debug log of the server. Maybe someone can point me in the right
directi
>This is very likely to be your problem. To test the theory, try adding
>"-named_curve P-256" onto your s_server line. P-256 is a much more
>widely supported curve.
Yes, this fixed the problem.
Thank you for your support in this case.
--
Michael Kocum [DataEnter]
mich...@dataenter.co.at
--
o
On 26/10/16 21:06, Michael Kocum wrote:
> 1.1.0b fails to negotiate from an old program that uses OpenSSL.
> The same old program can connect to 1.0.2h without any problem.
>
> Here is the debug log of the server. Maybe someone can point me in the right
> direction what the problem might be.
>
The old version is probably using DH keys that are too small.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users