Hi !
After installing ssldump, I could compare windows xp and windows 7 clients
STARTTLS negotiation.
While the windows 7 used TLS_RSA_WITH_AES_128_CBC_SHA via TLSv1/SSLv3
Windows XP output is
New TCP connection #1: 10.0.0.252(5000) <-> my.server (25)
1 1 0.0182 (0.0182) C>S SSLv2 compatible client hello
Version 3.1
cipher suites
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
SSL2_CK_RC4
SSL2_CK_3DES
SSL2_CK_RC2
TLS_RSA_WITH_DES_CBC_SHA
SSL2_CK_DES
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
TLS_RSA_EXPORT_WITH_RC4_40_MD5
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
SSL2_CK_RC4_EXPORT40
SSL2_CK_RC2_EXPORT40
TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
TLS_DHE_DSS_WITH_DES_CBC_SHA
TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA
1 2 0.0188 (0.0005) S>C Handshake
ServerHello
Version 3.1
session_id[32]=
3e d1 e3 37 a1 47 c0 87 ff 1c 8b bf ab f3 fa 94
f7 da e7 27 d1 54 cf 10 95 ad ec c9 b4 90 b1 6d
cipherSuite TLS_RSA_WITH_RC4_128_MD5
compressionMethod NULL
1 3 0.0188 (0.0000) S>C Handshake
Certificate
1 4 0.0202 (0.0014) S>C Handshake1 5 0.0202 (0.0000) S>C Handshake1
0.0229 (0.0026) C>S TCP FIN
1 0.0230 (0.0001) S>C TCP FIN
New TCP connection #2: 10.0.0.252(1025) <-> my.server(25)
2 60.0266 (60.0266) C>S TCP FIN
2 60.0267 (0.0000) S>C TCP FIN
So how can I enable SSLv2 support ? Is it on openssl or sendmail ?
Any help appreciated.
Thanks and regards
David
