Ethereal, pls listen on port 443 and check out the handshake messages. Btw the initial client hello (for the very 1st time) would be sent in sslv3 (assuming u have disabled v2, am not sure why ur bothered abt that version, pls disable on ur client and server). Once the initial client hello is sent, the highest supported protocol version would be selected automatically by the server, choosing of a lower version is not allowed.
Thanks --Gayathri On Mon, Aug 22, 2011 at 5:58 AM, Shashidhar RP <shashidhar...@hcl.com>wrote: > Hi, > Thanks for your quich response. > One more question. > 1) Can you please tell us is there any want to check wat version client > and server is using? > 2) If the client rollback happens the client can rollback form version 3 to > version 2 rt? In this case will it send > V2 hello handshake or V3 hello handshake.? > 3) Is there a possiblility that the client version is V3 but it can send V2 > hello msg to the server? If yes then will the server treat it as V2 client > and server will rollback to V2? > 4) At any point of time to check the server and client version wat is the > command? > 5)and to check weather the client/server has rollbacked to different > verion is there any way to figure out?? > 6)Is there any chance of server getting rollback from V3 to V2? If yes plz > tell us in which cases? > > Plz help with the answers for the above questions. > > Regards > Shashidhar > > > > ------------------------------ > *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] > On Behalf Of Gayathri Sundar [suraj...@gmail.com] > *Sent:* Thursday, August 18, 2011 8:14 PM > *To:* openssl-users@openssl.org > *Subject:* Re: hi > > Hi, > > First of all your question is really strange. Please check your client and > server settings as to which highest ssl version is enabled. Generally SSLv2 > should be disabled and never negotiated. > The code your referring to is a piece of code that would be called when > sslv3 is negotiated during the handshake. > > Disable sslv2 on ur client, enable tls on both sides, and you will see that > the highest common version is selected automatically by the server. Check > your client hello message on the wire and see what versions are actually > sent out. > > Thanks > --Gayathri > > On Thu, Aug 18, 2011 at 5:46 AM, Shashidhar RP <shashidhar...@hcl.com>wrote: > >> forgot to mention that >> >> /* s->version = SSL3_VERSION */ >> the above line is commented in the code.... of ssl3_connect (); >> is there any issue with this as the client version is updating and ssl >> version not updating ?? >> >> >> ------------------------------ >> *From:* owner-openssl-us...@openssl.org [owner-openssl-us...@openssl.org] >> On Behalf Of Shashidhar RP [shashidhar...@hcl.com] >> *Sent:* Thursday, August 18, 2011 3:24 PM >> *To:* openssl-users@openssl.org >> *Subject:* hi >> >> >> Hi , >> I have a problem while establishing a session using ssl.. I have >> a client and when the session is establised >> i found that the client version is V3 but the ssl version is v2, due to >> which i am facing other problem. >> >> I saw the ssl code - s3_cln.c is which i saw a part of this code >> >> /* s->version = SSL3_VERSION */ >> >> This is there in ssl3_connect code. >> Is there any chance of a V2 client becoming V3 and while connect its >> version is >> not updated? >> And >> where does this version wil be set? and when it can change? >> >> Plz give some I/p on this so that ican move further. >> >> >> Regards >> shashidhar >> >> >> >> ------------------------------ >> ::DISCLAIMER:: >> >> ----------------------------------------------------------------------------------------------------------------------- >> >> The contents of this e-mail and any attachment(s) are confidential and >> intended for the named recipient(s) only. >> It shall not attach any liability on the originator or HCL or its >> affiliates. Any views or opinions presented in >> this email are solely those of the author and may not necessarily reflect >> the opinions of HCL or its affiliates. >> Any form of reproduction, dissemination, copying, disclosure, >> modification, distribution and / or publication of >> this message without the prior written consent of the author of this >> e-mail is strictly prohibited. If you have >> received this email in error please delete it and notify the sender >> immediately. Before opening any mail and >> attachments please check them for viruses and defect. >> >> >> ----------------------------------------------------------------------------------------------------------------------- >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org User Support Mailing List >> openssl-users@openssl.org Automated List Manager majord...@openssl.org >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org User Support Mailing List >> openssl-users@openssl.org Automated List Manager majord...@openssl.org >> > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org User Support Mailing List > openssl-users@openssl.org Automated List Manager majord...@openssl.org
