What you could also consider doing is to look at list of cipher suites
that you advertise during handshake and try to restrict it a bit.
I had same problem with F5 BIG-IP after migration OpenSSL 1.0.0 -
1.0.1k (it seems there was many ciphers added between those to versions
which makes). Then
Well, the (open source) library Kannel gwlib (which is not mine, btw, since I'm
not associated with Kannel project) works fine.
My project simply uses both Kannel gwlib and openssl.
On the other hand, it is not always possible to persuade the proprietary
vendors to fix their implementations. I
Yes, the stuck connection bug I mentioned is the F5 BigIP needs padding bug
or is very similar to it.
Sorry for the confusing explanation.
-- реклама ---
Крутые телефоны! Низкие цены! Покупай тут!
Yes, I did it (see my original message - it works with SSL_OP_NO_SSLv2 |
SSL_OP_NO_TLSv1). I'm not having trouble in getting it to work.
But, my server also supports SSLv3.
And the problem I described is not in the connection being stuck (I only
mentioned it as a related bug), but error messages