OpenSSL compliance with Linux distributions

Patrick Mooc patrick.mooc at gmail.com
Thu Aug 6 19:24:32 UTC 2020


Thank you Ben for your answer.

I had a look today for this point, but I didn't find anything about
extensions in the OpenSSL version I use (0.9.8).

Maybe I have to modify OpenSSL configuration file (openssl.conf) and 
compile OpenSSL again. I will check this tomorrow.


Best Regards,


On 05/08/2020 at 22:46, Benjamin Kaduk wrote:
> On Wed, Aug 05, 2020 at 10:28:26PM +0200, Patrick Mooc wrote:
>> Thank you very much Kyle for your quick and clear answer.
>>
>> The reason why I want to upgrade OpenSSL version, is that I encounter a
>> problem with 1 frame exchange between client and server.
>>
>> This frame is the first packet sent from client to server (Client Hello
>> Packet) and the protocol used for this packet is SSLv2.
>> I don't understand why, because I force the use of TLSv1 (in ssl.conf file
>> as in application software), but only for this first exchange packet, SSLv2
>> is used. All other packets are well using TLSv10 as configured.
>>
>> I have also searched for forcing the use of TLSv10 ciphers in OpenSSL
>> configuration and in application software, but I didn't succeed doing so.
>>
>> That's why I had the idea of upgrading OpenSSL version to avoid the use of
>> SSLv2 protocol.
>>
>>
>> Thus, if you have any idea of how to solve my problem without upgrading
>> OpenSSL version or Linux distribution, it would be very nice.
> Using an "SSLv2-compatible" ClientHello is rather distinct from actually using
> the SSLv2 protocol; I believe that the former is what is happening for you.
>
> IIRC sending any TLS extension with the ClientHello suppresses the use of the
> v2-compatible format, so you might be able to do that.  (I don't remember offhand
> which extensions are implemented in that old of an OpenSSL version, and
> whether they're enabled in the default build, though.)
>
> -Ben
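
Added example, not part of the original thread or of OpenSSL: a small Python classifier for the first bytes a client sends, showing the distinction drawn above between an SSLv2-format ClientHello that offers TLSv1.0 and one that offers SSLv2 itself. The function name and the three sample byte strings are constructed for illustration; only the 2-byte SSLv2 record header is handled.

```python
import struct

VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLSv1.0",
            0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def classify_client_hello(data: bytes):
    """Return (record_format, offered_version) for a captured ClientHello."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes")
    # SSLv2 record: 2-byte header with the high bit set (15-bit length),
    # then message type 1 (CLIENT-HELLO), then the version the client offers.
    if data[0] & 0x80 and data[2] == 0x01:
        (version,) = struct.unpack_from(">H", data, 3)
        return "sslv2-record", VERSIONS.get(version, hex(version))
    # SSLv3/TLS record: content type 22 (handshake), record version 3.x,
    # 2-byte length, handshake type 1, 3-byte length, then client_version.
    if data[0] == 0x16 and data[1] == 0x03:
        if len(data) < 11 or data[5] != 0x01:
            raise ValueError("handshake record is not a ClientHello")
        (version,) = struct.unpack_from(">H", data, 9)
        return "tls-record", VERSIONS.get(version, hex(version))
    raise ValueError("not an SSLv2 or TLS ClientHello")

# Constructed samples (not captured traffic).
# v2-compatible hello offering TLSv1.0: what a capture tool labels "SSLv2".
V2_COMPAT_TLS10 = bytes.fromhex("801c" "01" "0301" "0003" "0000" "0010"
                                "00002f") + bytes(16)
# Same framing, but the client really offers SSLv2 as its version.
PURE_SSLV2 = bytes.fromhex("801c" "01" "0002" "0003" "0000" "0010"
                           "010080") + bytes(16)
# TLS record format, the only framing that can carry extensions.
TLS_RECORD = (bytes.fromhex("16" "0301" "002d" "01" "000029" "0301")
              + bytes(32) + bytes.fromhex("00" "0002" "002f" "01" "00"))

if __name__ == "__main__":
    for name, blob in [("v2-compatible", V2_COMPAT_TLS10),
                       ("pure SSLv2", PURE_SSLV2),
                       ("TLS record", TLS_RECORD)]:
        print(name, classify_client_hello(blob))
```

A result of `sslv2-record` with `TLSv1.0` matches the situation described in the thread: only the framing of the first message is SSLv2-style, while the version offered is TLSv1.0.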

