Tat,

    This is an SSLv2 backward compatible hello message carried in an SSLv2
record layer. The first byte 0x80 has the high bit set to 1, which signals
that the length of the record should be computed from the remaining 7 bits
of the byte and the next byte, thus the length of the record is 0x5b bytes.
The rest of the message should follow section 4.19 of Rescorla's book, or
section E.1 of RFC2246.

    This kind of client hello message is produced by the
SSLv23_client_method() of OpenSSL
(http://www.openssl.org/docs/ssl/SSL_CTX_new.html#).

    I can't seem to find a description of the SSLv2 record protocol in any
of the TLS or SSLv3 RFCs or draft RFCs. I do have an HTML document that I
scrounged from somewhere (probably Sun) describing SSLv2. I'd be glad to
e-mail it to anyone or post it to the list.

_____________________________________
Greg Stark
Ethentica, Inc.
[EMAIL PROTECTED]
_____________________________________



----- Original Message -----
From: "Tat Sing Kong" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, February 23, 2001 11:59 AM
Subject: Protocol messages


> According to my SSL book, a clientHello looks like this:
>
> (decimal values)
>
> 22 3 0 <len> <len> 1 <len> <len> <len> 3 0 <random 32 bytes> <id>
> <session id> <ciphers> <compress>
>
> But what I get from my SSL client is this:
>
> (in hex)
>
> 80 5b 01 03 01 00 42 <random 32 bytes> ...
>
> Which looks nothing like the book says, but it works anyway.
>
> Then with my Netscape LDAP client, the cipher and compress fields are
> completely missing.  What gives?
>
> It should be noted that I can't get Netscape LDAP over SSL to work at
> all...
> Tat.
>
>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
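
Added example (not part of the original thread and not OpenSSL code): a Python parser that tells the SSLv2-compatible hello apart from an SSLv3/TLS record by its first byte and decodes the length fields laid out in RFC 2246 section E.1. Only the first seven bytes of the sample come from the thread; the session-id length (0), challenge length (16) and zero-filled cipher specs and challenge are constructed so that the fields add up to the 0x5b record length.

```python
import struct

def parse_first_flight(data: bytes) -> dict:
    """Decode the header of the first record a client sends."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    if data[0] & 0x80:
        # SSLv2 2-byte record header: high bit set, 15-bit length follows.
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        body = data[2:2 + rec_len]
        if len(body) != rec_len or rec_len < 9:
            raise ValueError("truncated SSLv2 record")
        # V2ClientHello (RFC 2246 E.1): msg_type, version, three 16-bit lengths.
        msg_type, major, minor, cs_len, sid_len, ch_len = struct.unpack(
            ">BBBHHH", body[:9])
        if msg_type != 1:
            raise ValueError("not a client hello")
        # Cipher specs are 3 bytes each; all fields must fill the record exactly.
        if cs_len == 0 or cs_len % 3 or 9 + cs_len + sid_len + ch_len != rec_len:
            raise ValueError("length fields do not add up to the record length")
        return {"format": "sslv2-compatible", "record_length": rec_len,
                "version": (major, minor), "cipher_specs": cs_len // 3,
                "session_id_length": sid_len, "challenge_length": ch_len}
    if data[0] == 22:
        # SSLv3/TLS record header: type 22 (handshake), version, 16-bit length.
        major, minor, rec_len = struct.unpack(">BBH", data[1:5])
        return {"format": "sslv3/tls record", "record_length": rec_len,
                "version": (major, minor)}
    raise ValueError("unrecognised first byte 0x%02x" % data[0])

# Constructed sample. From the thread: 80 5b 01 03 01 00 42.
# Assumed: session_id_length 0000, challenge_length 0010, zero filler after.
SAMPLE = bytes.fromhex("805b0103010042" "0000" "0010") + bytes(66) + bytes(16)

if __name__ == "__main__":
    print(parse_first_flight(SAMPLE))
```
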
