I found this post:
https://groups.google.com/forum/#!topic/mailing.openssl.dev/ZLQcp87Zx8A
This is the right solution
Lee
On Fri, Jan 10, 2014 at 1:04 PM, yueyue papa wrote:
> I use these macro to disable TLSEXT,
> CPPOPTS +=-DOPENSSL_NO_TLSEXT -DOPENSSL_NO_HEARTBEATS -DOPENSSL_NO_SRTP
> -DO
You are complete right. I disabled TLSEXT, because of the code size.
Up to now, the result is very clear now.
Lee
On Fri, Jan 10, 2014 at 12:30 PM, Dave Thompson wrote:
> (Due to Outlook upgrade, I can no longer reply inline to richtext. Sorry.)
>
>
>
> Is it possible your failing client open
I am also disable the TLSEXT in the openSSL 0.9.8. It is a strange, why
server gave different response.
It is true that server give different response. (openSSL request is also
different.)
Lee
On Fri, Jan 10, 2014 at 12:44 PM, yueyue papa wrote:
> You are complete right. I disabled TLSEXT
I use these macro to disable TLSEXT,
CPPOPTS +=-DOPENSSL_NO_TLSEXT -DOPENSSL_NO_HEARTBEATS -DOPENSSL_NO_SRTP
-DOPENSSL_NO_DTLS1
whether there is other macro is required to set, so openSSL 1.0.1 won't
tell server TLS features
Lee
On Fri, Jan 10, 2014 at 12:30 PM, Dave Thompson wrote:
> (Due to
(Due to Outlook upgrade, I can no longer reply inline to richtext. Sorry.)
Is it possible your failing client openssl was built with -no-tlsext ?
Both ServerHello replies do contain the RI extension (because the
cipherlist contained SCSV_ERI); if the code to parse extensions
isn't executed
#
read from 0x1fee3f0 [0x1e6ea5b] (5 bytes => 5 (0x5))
- 16 03 00 00 51Q
read from 0x1fee3f0 [0x1e6ea60] (81 bytes => 81 (0x51))
- 02 00 00 4d 03 00 52 cf-5a 99 be 19 c0 7e 80 55 ...M..R.Z~.U
0010 - d6 4c 2d af 05 41 f8 19-79 24 a3 66 ba 8
