On Tue, 3 Mar 2015 08:43 +0000 (GMT Standard Time), you wrote:
>
> > I have a high security email program that I'm trying to correct for
> > POODLE in. It also uses https.
>
> Which version of ICS TWSocket are you using, and which OpenSSL version? 1.0.1j
> fixed Poodle.  Is this a client or server?

My ICS has revised date: Sept 3, 2014. It's a nightly snapshot. I have
OpenSSL 1.0.1k (compiled by you). I have an SMTP client and an HTTP
client.

> A client has much less control over ciphers than a server, the latest ICS V8
> provides several levels of Ciphers used by Mozilla with
> sslCiphersMozillaSrvHigh being the best.
>
> This was all discussed when I explained how to stop Poodle in a mailing list
> post on 20 October 2014.

> Connecting to Gmail, I get excellent ciphers:
>
> SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES128-GCM-SHA256, key exchange
> ECDH, encryption AESGCM(128), message authentication AEAD

Well, I tried the Mozilla ciphersuite and it didn't work. Then when I
set SslVersionMethod back from sslTLS_v1 to sslV23 it worked! Go figure.
sslTLS_V1 was causing it to use only TLS 1.0. Now I'm getting TLS1.2.
Great!

Can you tell me why I get the 'SSL3_CLIENT_HELLO:no ciphers available'
fatal error (as mentioned in my first message) when using the cipher
suite ALL:!ADH:!MD5:!SSLv3:+TLSv1.2:@STRENGTH? I have a USENET news
reader program that uses an Indy NNTP client and the suite works fine
with it.

Thanks,

George
