<div dir="ltr">Hi Jakob,<div><br></div><div>Here are more details,</div><div><br></div><div>OS WinCE 6.0</div><div>CPU <span style="font-size:12.8px">ARMARCH4.</span></div><div><span style="font-size:12.8px">Family ARM</span></div><div><span style="font-size:12.8px">Compiler ARM CC</span></div><div><span style="font-size:12.8px">Version </span><span style="font-size:12.8px">Microsoft (R) C/C++ Optimizing Compiler Version 14.01.60511 for ARM</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">Regards</span></div><div><span style="font-size:12.8px">Jaya</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Dec 4, 2015 at 5:35 AM, Jakob Bohm <span dir="ltr"><<a href="mailto:jb-openssl@wisemo.com" target="_blank">jb-openssl@wisemo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div><tt>For clarity, which version of
WinCE, and which CPU (Arm, <br>
MIPS,</tt><tt> </tt><tt>PPC, x86, SH3, SH4, ...)?</tt><tt><br>
</tt><br>
<tt>Which Microsoft Compiler version (EVC3, EVC4, one of the <br>
Visual Studio projects, 3rd party compiler) and which <br>
exact compiler version (reported by running the compiler <br>
executable (named according to CPU) with no arguments)?</tt><tt><br>
</tt><tt><br>
</tt><tt>I ask because your proposed fix may be aff</tt><tt>ected
by compiler and/or CPU quirks.<br>
</tt><div><div class="h5"><br>
On 04/12/2015 12:31, Jayalakshmi bhat wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">
<div dir="ltr">Hi Matt,
<div><br>
</div>
<div>Thanks a lot for the response. </div>
<div><br>
</div>
<div><span style="font-size:12.8px">Is your application a client
or a server? Are both ends using OpenSSL </span><span style="font-size:12.8px">1.0.2d? If not, what is the other
end using?</span></div>
<div><span style="font-size:12.8px">>> Our device has both
TLS client, server apps. </span><span style="font-size:12.8px">As client, device communicates with
RADIUS server, LDAP server etc. </span><span style="font-size:12.8px">As server, device is accessed using
various web browsers. </span></div>
<div><span style="font-size:12.8px">Hence both ends will not
be OpenSSL 1.0.2d.</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">How exactly are you doing
that? Which specific cipher are you seeing fail?</span><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">>> We have provided
user option to select TLS protocol versions similar to the
browsers. Depending upon the user configurations we set the
protocol flags
(SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in
the SSL context using </span><span style="font-size:12.8px">SSL_CTX_clear_options/SSL_CTX_set_options.</span></div>
<div><span style="font-size:12.8px">>> We have provided
user option to choose ciphers as well. </span></div>
<div><span style="font-size:12.8px">All these are in the
application space, no changes have been done and they have
been working good with OpenSSL 1.0.1c. Only the library is
upgraded to OpenSSL 1.0.2d. I</span><span style="font-size:12.8px"> have used </span><span style="font-size:12.8px">AES256-CBC and AES128-CBC ciphers
and with both the ciphers issue is seen.</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">Are you able to provide a
packet capture?</span><br>
</div>
<div>>> Please find the attached traces for server mode.<br style="font-size:12.8px">
<span style="font-size:12.8px">What O/S is this on?</span><br>
</div>
<div><span style="font-size:12.8px">>> This is built for
WinCE and VxWorks</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px">Regards</span></div>
<div><span style="font-size:12.8px">Jaya</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
<div><span style="font-size:12.8px"><br>
</span></div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Fri, Dec 4, 2015 at 3:02 PM, Matt
Caswell <span dir="ltr"><<a href="mailto:matt@openssl.org" target="_blank">matt@openssl.org</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello Jaya<br>
<br>
We're going to need some more information. There isn't a
generic problem<br>
with CBC ciphers and TLS1.0 in 1.0.2d (it's working fine for
me) - so<br>
there is something specific about your environment that is
causing the<br>
issue. Comments inserted below.<br>
<span><br>
On 04/12/15 06:53, Jayalakshmi bhat wrote:<br>
> Hi All,<br>
><br>
><br>
><br>
> Recently we have ported OpenSSL 1.0.2d. Everything
works perfect except<br>
> the below explained issue.<br>
<br>
</span>Is your application a client or a server? Are both
ends using OpenSSL<br>
1.0.2d? If not, what is the other end using?<br>
<span><br>
<br>
> When we enable only TLS 1.0 protocol and select CBC
ciphers,<br>
<br>
</span>How exactly are you doing that? Which specific cipher
are you seeing fail?<br>
<span><br>
<br>
> Now my question is whatever I did is it correct?<br>
<br>
</span>That would not be a recommended solution<br>
<span><br>
> Or do I need to replace<br>
> complete s3_cbc.c with OpenSSL 1.0.1e?<br>
<br>
</span>No. You cannot just copy and paste stuff from 1.0.1
to 1.0.2.<br>
<br>
Some other questions:<br>
<br>
Are you able to provide a packet capture?<br>
How did you build OpenSSL...i.e. what "Configure" options
did you use?<br>
What O/S is this on?<br>
<br>
Matt<br>
_______________________________________________<br>
openssl-users mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-users" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-users</a><br>
</blockquote>
</div>
<br>
</div>
<br>
</blockquote>
<br>
<br>
</div></div><pre cols="72">Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. <a href="https://www.wisemo.com" target="_blank">https://www.wisemo.com</a><span class="HOEnZb"><font color="#888888">
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded </font></span></pre>
</div>
<br></blockquote></div><br></div>