On Tue, 3 Mar 2015 08:43 +0000 (GMT Standard Time), you wrote: > > > I have a high security email program that I'm trying to correct for > > POODLE in. It also uses https. > > Which version of ICS TWSocket are you using, and which OpenSSL version? 1.0.1j > fixed Poodle. Is this a client or server?
My ICS has revised date: Sept 3, 2014. It's a nightly snapshot. I have OpenSSL 1.0.1k (compiled by you). I have an SMTP client and an HTTP client. > A client has much less control over ciphers than a server, the latest ICS V8 > provides several levels of Ciphers used by Mozilla with > sslCiphersMozillaSrvHigh being the best. > > This was all discussed when I explained how to stop Poodle in a mailing list > post on 20 October 2014. > Connecting to Gmail, I get excellent ciphers: > > SSL Connected OK with TLSv1.2, cipher ECDHE-RSA-AES128-GCM-SHA256, key > exchange > ECDH, encryption AESGCM(128), message authentication AEAD Well, I tried the mozilla ciphersuite and it didn't work. Then when I set SslVersionMethod back from sslTLS_v1 to sslV23 it worked! Go figure. sslTLS_V1 was causing it to use only TLS 1.0. Now I'm getting TLS1.2. Great! Can you tell me why I get the 'SSL3_CLIENT_HELLO:no ciphers available' fatal error (as mentioned in my first message), when using the cipher suite ALL:!ADH:!MD5:!SSLv3:+TLSv1.2:@STRENGTH. I have a USENET news reader program that uses an indy nntp client and the suite works fine with it. Thanks, George -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
