Bodo Moeller wrote:
> On Thu, Sep 14, 2000 at 10:52:29AM +0800, Fung wrote:
>
>>> Have you tried using the SSLv23_method() instead of the SSLv3_method()?
>
>> But I know SSLv23_method has bugs at this version 0.9.5a.
>
> Can you elaborate?

I think what he meant is that in some cases SSLv23_method fails to negotiate
with the server.

For example, I have a client application that retrieves web pages from
SSL-enabled web servers. When it attempted to connect to a server
(Apache/1.2.6 with Ben-SSL/1.17) using SSLv23_method, SSL_connect returned
no error and SSL_get_version returned "TLSv1". When it called SSL_write to
send an HTTP request, however, SSL_write gave me an "ssl handshake failure"
message.

Further investigation revealed that this particular server does not support
TLSv1. Therefore I think it is either a bug in SSLv23_method or a bug in
the server. In another case, I used SSLv23_method in a connection to a
server running Oracle Web Listener. This time there was an "sslv3 alert
illegal parameter" given by SSL_connect before SSL_write gave me the "ssl
handshake failure" message. However, using SSLv3_method caused no problem.

As I mentioned in another post, I wonder if a failed connection can be
detected earlier, i.e. before I start using SSL_read and SSL_write. Also,
are there any relevant changes in SSLv23_method in OpenSSL 0.9.6 that fix
these problems?

Regards,
Michael Lee