[openssl-dev] [openssl.org #3855] Fix for TLS1.2 handshake error
Kurt Roeckx via RT
rt at openssl.org
Thu May 21 17:16:23 UTC 2015
On Thu, May 21, 2015 at 09:33:41AM +0200, Anvesh Vagiri via RT wrote:
> Hi,
>
> Since the upgrade to openssl 1.0.1e, I could see failures in ssl handshake.
> I found that as the below commit mentions about a workaround about trying
> to use the flags OPENSSL_MAX_TLS1_2_CIPHER_LENGTH and OPENSSL_NO_TLS1_2_CLIENT.
>
> For me the second flag finally worked and disabling TLS 1.2 fixed the
> issue. But I'm looking for a permanent fix instead of this workaround. Was
> there a complete fix done for this issue?

The fix is to fix the other end, some firewall or ssl
accelerator. This is not a bug in OpenSSL, this is a workaround
for other broken products.

If you're trying to connect to a public web site, the following
URL might be able to tell what's wrong with the other side:
https://www.ssllabs.com/ssltest/

It's most likely version intolerant, since the first define didn't
help. You probably also only get a TLS 1.0 connection and not
even a 1.1 connection.

Kurt
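
A local version of the check the reply describes, added here as an example (not code from this thread or from OpenSSL): cap the highest TLS version the client offers and see which caps the peer accepts. The names probe, classify and diagnose are hypothetical, and the local Python/OpenSSL build is assumed to still permit TLS 1.0 and 1.1.

```python
import socket
import ssl

# Caps tried from highest to lowest. A local build or policy that forbids
# TLS 1.0/1.1 makes those probes fail on the client side (reported as None).
CAPS = [("TLSv1.2", ssl.TLSVersion.TLSv1_2),
        ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
        ("TLSv1", ssl.TLSVersion.TLSv1)]


def probe(host, port, cap, timeout=5.0):
    """Handshake with the offered version capped at `cap`.

    Returns the negotiated protocol name, or None if the handshake fails.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: this tests version negotiation, not trust, and the
    # connection is closed without sending application data.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.maximum_version = cap
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except (ssl.SSLError, OSError):
        return None


def classify(results):
    """Interpret {cap name: negotiated version or None} as (verdict, version)."""
    if results.get("TLSv1.2"):
        # The peer coped with a TLS 1.2 ClientHello, whatever it negotiated.
        return "tolerant", results["TLSv1.2"]
    for name in ("TLSv1.1", "TLSv1"):
        if results.get(name):
            # Fails only while TLS 1.2 is offered: the pattern in this thread.
            return "version-intolerant", results[name]
    return "inconclusive", None


def diagnose(host, port=443):
    """Run every capped probe against one endpoint and classify the outcome."""
    return classify({name: probe(host, port, cap) for name, cap in CAPS})
```

A "version-intolerant" verdict points at the peer or a middlebox in front of it, which is where the reply says the fix belongs.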