I have sorted this out. In case anyone's interested...
I was trying to connect to a web server which was protected by both TLS1.0
(reported by IE4 as "TLS3.1") and Apache style .htaccess password
protection. I thought I had to connect using HTTP on port 80 first, do
password authorisation, then start the SSL session. Wrong! You have to
first connect on TCP port 443, establish the SSL session, build the HTTP GET
request as normal (without the https:// part - this is apparently implied by
using port 443) and including the "Authorization: Basic blahblah" part, then
send that using SSL. That is:
do TCP socket setup
do SSL setup
do SSL connect
compute HTTP Authorization string (username:password encoded in base64)
build HTTP GET request, eg.
GET /local/path/doco.txt HTTP/1.0 CRLF
Authorization: Basic <computed auth string>CRLF
CRLF
SSL_write(..GET request..)
SSL_read(..doco..)
cleanup SSL
cleanup socket
> -----Original Message-----
> From: Schubert, Paul [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, August 31, 2000 10:07 AM
> To: [EMAIL PROTECTED]
> Subject: TLS3.1 Problem
>
> Hi All,
>
> Newbie question here.
>
> I'm trying to write a simple little HTTP client that connects to a web
> server and retrieves a text page that is protected by SSL. IE4 reports
> the
> properties of the security for this page as having a security protocol =
> TLS3.1. From a bit of web searching, it looks like this is just the next
> version of SSL (subsequent to 3.0?). Can someone please confirm that.
>
> It also seems that the current version of openSSL doesn't support this..?
> Here is an extract of my code, which is directly based on the cli.cpp in
> the
> demos/ssl directory:
>
> SSLeay_add_ssl_algorithms();
> meth = SSLv2_client_method();
>
>
> On execution, this returns an error like: 19244:error:1407D0E5:SSL
> routines:SSL2_READ:ssl handshake failure:s2_pkt.c:100:
>
> This error seems to occur after connecting, and during SSL_read().
>
> I had a browse through the header files, and it looks like the other
> supported methods are SSLv3 and TLSv1. I also tried these and got this
> error for both:
>
> 19333:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
> number:s3_pkt.c:279:
>
> I went to s3_pkt.c and just for kicks commented out this error checking,
> as
> I'd read that TLS3.1 is very similar to SSLv3. Unfortunately it still
> errored with some problem regarding packet size.
>
> So my questions are; does openSSL support TLS3.1, and if so, what method
> should I use?
>
> Thanks,
>
> Paul Schubert
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
