Re: need help on handshake failure

2012-08-29 Thread Mithun Kumar
Also when i use s_client tool it just hangs with following output. Any input on how to get full handshake dump? *vm-soniclx13(misingh): openssl s_client -connect NC-WIN2008X64:1433 **-state -debug -msg*** *CONNECTED(0003)* *SSL_connect:before/connect initialization* *write to 09050898 [090

need help on handshake failure

2012-08-29 Thread Mithun Kumar
Hello All, I am getting some errors causing SSL handshake to fail. Is there any way by which i can enable logging in our OpenSSL libraries? -mithun

RE: Negotiating TLS 1.0 from 1.2

2012-08-29 Thread Erik Tkal
TLS 1.1 would be acceptable, but the server is 1.0 (we don't have any implementing 1.1). The server sends a TLS 1.0 ServerHello, which per the RFC should work: A TLS 1.2 client who wishes to negotiate with such older servers will send a normal TLS 1.2 ClientHello, containing { 3, 3 } (TLS

RE: Negotiating TLS 1.0 from 1.2

2012-08-29 Thread Abhiram Shandilya
Hi Erik: If you only want to allow TLSv1.2 and TLSv1.0 handshakes you will need to try a connection with the TLSv1_2_client_method and then by TLSv1_client_method. You can also use SSLv23_client_method to negotiate only TLSv1.2 and TLSv1.0 using an SSLv2 handshake by explicitly disabling SSLv2,

Negotiating TLS 1.0 from 1.2

2012-08-29 Thread Erik Tkal
I have a client that I want to attempt to negotiate TLS 1.2 but will accept TLS 1.0. What is the magic incantation (e.g. TLSv1_client_method() vs TLSv1_2_client_method() in conjunction with what options)? Specifying TLSv1_client_method() seems to only offer TLS 1.0 {3,1}. Specifying TLSv1_2_c

Is openssl 0.9.8r and openssl1.0.0 compatible ?

2012-08-29 Thread Hasan, Rezaul (NSN - US/Arlington Heights)
Hi All, We have a Linux box1 (Client) that has openssl 0.9.8r. That box communicates with a different kind of Linux box2 (Server) that has openssl 1.0.0e. openssl0.9.8r and openssl1.0.0e seem fairly happy together. In the near future our 2nd Linux box is migrating to a new Platform

Re: my code can't connect while openssl s_client can

2012-08-29 Thread Alexandra Druecke
Sorry for the long delay. I moved and had some holydays afterwards. So I have been away from work for some time. Am Mittwoch, 8. August 2012, 00:44:20 schrieben Sie: > > From: owner-openssl-us...@openssl.org On Behalf Of Alexandra Druecke > > Sent: Tuesday, 07 August, 2012 08:02 > > > > I'm usin

Re: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length

2012-08-29 Thread la...@angry-red-pla.net
Yup, using the correct function helps :-) Thanks! - Reply message - From: "Dr. Stephen Henson" To: Subject: EVP_CIPHER_CTX_set_key_length and EVP_CIPHER_key_length Date: Wed, Aug 29, 2012 1:37 am On Tue, Aug 28, 2012, la...@angry-red-pla.net wrote: > Hi all > > I created a shared