[openssl-dev] [openssl.org #4524] [BUG] TLS 1.2 handshake hangs for TLS 1.0 only hosts

Stephen Henson via RT rt at openssl.org
Sun May 1 00:44:52 UTC 2016


On Sat Apr 30 21:23:30 2016, henrik at newdawn.dk wrote:
> Since this is a MS IIS 7.0 server I would argue that it'd be in the
> interest of openssl to handle the situation rather than accept this
> scenario - since IIS is likely powering more than a few hosts? It is
> possible to have the host correctly list its supported protocols using
> nmap - I'd assume the TLS1.2 attempt can be avoided altogether
> (without knowing any implementation details or if that adds overhead
> though)?
>

As others have indicated this is a known bug with a load balancer and not IIS.

As well as the solutions suggested you can try the -bugs option to s_client
which pads client hellos to work around this issue.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4524
Please log in as guest with password guest if prompted


