[openssl-users] [openssl.org #4060] AutoReply: a crash happened inside SSL_Connect function
Viktor Dukhovni
openssl-users at dukhovni.org
Tue Sep 29 14:43:35 UTC 2015
On Tue, Sep 29, 2015 at 01:56:06PM +0000, Tiantian Liu via RT wrote:
> Hi Matt & Vi
>
> I tried SSLv23_method() and excluded all of SSLv2, SSLv3 and TLSv1. I only enabled TLSv1.2, via SSL_CTX_set_options().
> You can see my previous code:
Why are you disabling TLSv1? There's little reason to do that at
present. If the server supports TLS 1.2 you'll use that, otherwise
you'll at least get TLS 1.0.
> /*Only allow TLSv1.2 protocol*/
> SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1);
I would not disable TLSv1 at this time, just SSLv2 and SSLv3.
> However, the above code didn't work. I couldn't reach the server. Though SSL_connect() didn't crash, it returned:
>
> 17:49:12.939 [5499]- SSL_connect res : -1
And did you print the error stack? Look at a PCAP trace with
Wireshark? Connect to the server with "openssl s_client" and
examine the negotiated protocol parameters?
> I will continue to investigate, and keep updating the ticket. I
> will adopt your idea to see if I can obtain more information during
> crash.
This thread does not belong on openssl-dev, cross-posting and
redirecting to openssl-users.
--
Viktor.