OpenSSL 1.1.1 Windows dependencies
Viktor Dukhovni
openssl-users at dukhovni.org
Wed Oct 26 15:50:16 UTC 2022
On Wed, Oct 26, 2022 at 11:15:25AM +0100, Matt Caswell wrote:
> > I'm not promising anything. But if you send me the captures I can take a
> > look at them.
>
> I've taken a look at the captures for the working and non-working scenarios.
>
> Do I understand correctly that your application is acting as the server
> in this setup?
>
> I have compared the working and non-working captures. In both cases the
> ClientHello is successfully received, and the server responds with a
> ServerHello, Certificate, ServerKeyExchange and ServerHelloDone message.
> Aside from normal variations between one session and another, AFAICT,
> the ClientHello and the server's response messages all look identical
> other than the server obviously has a different Certificate. The
> Certificates themselves also look identical to each other other than the
> subject/subjectaltname being for a different server. The intermediate
> certs are the same in both cases.
>
> Following the server's ServerHelloDone the client continues with a
> ClientKeyExchange message in the working case. In the non-working case
> the the client immediately closes the TCP connection without sending any
> kind of alert.
See longish thread at:
https://marc.info/?l=postfix-users&m=166584042429636&w=2
which describes a remarkably similar set of symptoms observed after a
Microsoft patch update. Today the OP posted that a more follow-on patch
appears to have resolved the problem.
> This really looks like a problem on the client side to me.
Yes, the client just hangs up. A known. Disabling session tickets on
server appears to help in some cases (for no obvious reason). Applying
the follow-on update is a better solution if applicable.
--
Viktor.
More information about the openssl-users
mailing list