On Fri, Jan 13, 2006, Krishna M Singh wrote: > > I remember the SSL stack of Netscape and Firefox are OpenSSL variants. > Does this mean the same has been fixed in their stacks or is it > handled by the application itself?. >
Then you remember incorrectly. Netscape and Firefox use NSS which is not based on OpenSSL. > Any pointers will be of great help. thanks a lot for going thru my long mail. > The problem is that server, not the client. If the server handled this correctly it would recognize that the client supported TLS[*] but would negotiate SSLv3 instead. The server attempts to do this but messes up somewhere during the handshake or the internal session setup. Steve. [*] Well it wouldn't know it was TLS if it had no knowledge of TLS. It would simply appear to be a version of SSL higher than it could handle so it would use the version it could handle: SSLv3. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
