It looks like SSLv3_server_method and SSLv23_client_method cannot
talk to each other? It works OK if both are the same. The Netscape
client also cannot talk to the OpenSSL SSL3 server.

I had thought that the SSL3 server should respond to the SSL23
request that uses SSL3 instead of SSL2. Isn't the SSLv23_client
supposed to be able to work in SSL3 mode? Have I misunderstood this?
It looks like the specifications for both TLSv1 and SSL3 don't say what
to do in this situation. Perhaps the server should send back an alert
message instead of closing the connection?

In server:

% s_server -state -debug -ssl3
Using default temp DH parameters
ACCEPT
SSL_accept:before SSL initialization
read from 40025780 [14003B560] (5 bytes => 5 (0x5))
0000 - 80 6b 01 03 01                                    .k...
SSL_accept:error in SSLv3 read client hello B
ERROR
14519:error:1408F109:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:287:
shutting down SSL
CONNECTION CLOSED
ACCEPT

and in client:
% s_client -connect localhost:4433
CONNECTED(00000003)
18696:error:140790E3:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:224:

When the client is Netscape 4.51 the server gets the following data:

% s_server -state -debug -ssl3 -www
Using default temp DH parameters
ACCEPT
SSL_accept:before SSL initialization
read from 4002E200 [140036000] (5 bytes => 5 (0x5))
0000 - 80 25 01 03                                       .%..
0005 - <SPACES/NULS>
SSL_accept:error in SSLv3 read client hello B
read from 4002E200 [140036005] (768 bytes => 34 (0x22))
0000 - 00 0c 00 00 00 10 02 00-80 04 00 80 00 00 03 00   ................
0010 - 00 06 50 4d 25 9a db 95-6d d7 3d 83 27 8d 15 fe   ..PM%...m.=.'...
0020 - 18 0a                                             ..

Regards,
Jussi
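
The first five bytes in both server traces above are an SSLv2-format record header carrying a CLIENT-HELLO that offers version 3.x, not an SSLv3 record header. The following is an added example, not part of the original post and not OpenSSL code, that decodes those bytes; the names classify_hello and v2_cipher_specs are hypothetical, and SSL3_HDR is a constructed sample for contrast.

```c
#include <stdio.h>
#include <stddef.h>

enum hello_kind { HELLO_UNKNOWN, HELLO_V2_FORMAT, HELLO_V3_RECORD };
struct hello_info { enum hello_kind kind; unsigned major, minor; size_t len; };

/* First 5 bytes from the two server traces in the post; the Netscape
 * trace prints its fifth byte as <SPACES/NULS>, i.e. 0x00. */
static const unsigned char S_CLIENT_HDR[5] = { 0x80, 0x6b, 0x01, 0x03, 0x01 };
static const unsigned char NETSCAPE_HDR[5] = { 0x80, 0x25, 0x01, 0x03, 0x00 };
/* First 6 bytes of the 34-byte second read in the Netscape trace. */
static const unsigned char NETSCAPE_LENS[6] = { 0x00, 0x0c, 0x00, 0x00, 0x00, 0x10 };
/* Constructed sample (not from the post): an SSLv3 handshake record header. */
static const unsigned char SSL3_HDR[5] = { 0x16, 0x03, 0x00, 0x00, 0x2a };

/* Classify the 5 bytes a server reads first on a new connection. */
static struct hello_info classify_hello(const unsigned char p[5])
{
    struct hello_info h = { HELLO_UNKNOWN, 0, 0, 0 };
    if ((p[0] & 0x80) && p[2] == 0x01) {
        /* SSLv2 header: high bit, 15-bit length, type 1 = CLIENT-HELLO, version */
        h.kind = HELLO_V2_FORMAT;
        h.len = ((size_t)(p[0] & 0x7f) << 8) | p[1];
        h.major = p[3]; h.minor = p[4];
    } else if (p[0] == 0x16 && p[1] == 0x03) {
        /* SSLv3/TLS record: content type 22 (handshake), version, 16-bit length */
        h.kind = HELLO_V3_RECORD;
        h.major = p[1]; h.minor = p[2];
        h.len = ((size_t)p[3] << 8) | p[4];
    }
    return h;
}

/* Check the three SSLv2 length fields against the record length and return
 * the number of 3-byte cipher specs, or -1 if the lengths do not add up. */
static int v2_cipher_specs(const unsigned char f[6], size_t record_len)
{
    size_t cs = ((size_t)f[0] << 8) | f[1], sid = ((size_t)f[2] << 8) | f[3];
    size_t ch = ((size_t)f[4] << 8) | f[5];
    if (cs % 3 != 0 || 3 + 6 + cs + sid + ch != record_len) return -1;
    return (int)(cs / 3);
}

int main(void)
{
    const unsigned char *in[3] = { S_CLIENT_HDR, NETSCAPE_HDR, SSL3_HDR };
    for (int i = 0; i < 3; i++) {
        struct hello_info h = classify_hello(in[i]);
        printf("kind=%d version=%u.%u len=%zu\n", (int)h.kind, h.major, h.minor, h.len);
    }
    printf("netscape cipher specs: %d\n", v2_cipher_specs(NETSCAPE_LENS, 0x25));
    return 0;
}
```

The Netscape record length of 0x25 (37) is the 3 bytes of message type and version already read plus the 34 bytes of the second read, which is why the length fields add up.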