[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d
matt at openssl.org
Fri Dec 4 09:32:07 UTC 2015
We're going to need some more information. There isn't a generic problem
with CBC ciphers and TLS1.0 in 1.0.2d (it's working fine for me) - so
there is something specific about your environment that is causing the
issue. Comments inserted below.
On 04/12/15 06:53, Jayalakshmi bhat wrote:
> Hi All,
> Recently we have ported OpenSSL 1.0.2d. Everything works perfect except
> the below explained issue.
Is your application a client or a server? Are both ends using OpenSSL
1.0.2d? If not, what is the other end using?
> When we enable only TLS 1.0 protocol and select CBC ciphers,
How exactly are you doing that? Which specific cipher are you seeing fail?
> Now my question is whatever I did is it correct?
That would not be a recommended solution
> Or Do need to replace
> complete s3_cbc.c with OpenSSL 1.0.1e?
No. You cannot just copy and paste stuff from 1.0.1 to 1.0.2.
Some other questions:
Are you able to provide a packet capture?
How did you build OpenSSL...i.e. what "Configure" options did you use?
What O/S is this on?
More information about the openssl-users