> From: owner-openssl-us...@openssl.org On Behalf Of Amit Singh > Sent: Saturday, 25 April, 2009 01:49
> I upgraded from Openssl 0.9.8g to 0.9.8j. Our client > interfaces to a picky SSL server implementation in JAVA, > version currently unknown. > > With openssl 0.9.8j the connection does not establish with > this server. > > Basically, the server does not respond to a client hello. > > I dumped the client hello msg (thanks for providing the > msg_callback routine) sent out from 0.9.8j & 0.9.8g and there > are differences in either the cipher suite spec or > compression method bytes at the end of the msg. > No, it's TLS extensions, now enabled by default in 0.9.8j. And apparently not supported by your picky server. In particular, 0x23=35 seems to be session_ticket. Either (re-configure and) build with no-tlsext; or it appears to me that SSL_[CTX_]set_option of (or including) SSL_OP_NO_TICKET will stop this one. (I bet this is going to become a FAQ.) ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
