[openssl-users] CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

Matt Caswell matt at openssl.org
Fri Dec 4 09:32:07 UTC 2015

Hello Jaya

We're going to need some more information. There isn't a generic problem
with CBC ciphers and TLS1.0 in 1.0.2d (it's working fine for me) - so
there is something specific about your environment that is causing the
issue. Comments inserted below.

On 04/12/15 06:53, Jayalakshmi bhat wrote:
> Hi All,
> Recently we have ported OpenSSL 1.0.2d. Everything works perfect except
> the below explained issue.

Is your application a client or a server? Are both ends using OpenSSL
1.0.2d? If not, what is the other end using?

> When we enable only TLS 1.0 protocol and select CBC ciphers,

How exactly are you doing that? Which specific cipher are you seeing fail?

> Now my question is whatever I did is it correct?

That would not be a recommended solution.

> Or do I need to replace
> complete s3_cbc.c with OpenSSL 1.0.1e?

No. You cannot just copy and paste stuff from 1.0.1 to 1.0.2.

Some other questions:

Are you able to provide a packet capture?
How did you build OpenSSL...i.e. what "Configure" options did you use?
What O/S is this on?

