Hello Jaya We're going to need some more information. There isn't a generic problem with CBC ciphers and TLS1.0 in 1.0.2d (it's working fine for me) - so there is something specific about your environment that is causing the issue. Comments inserted below. On 04/12/15 06:53, Jayalakshmi bhat wrote: > Hi All, > > > > Recently we have ported OpenSSL 1.0.2d. Everything works perfect except > the below explained issue. Is your application a client or a server? Are both ends using OpenSSL 1.0.2d? If not, what is the other end using? > When we enable only TLS 1.0 protocol and select CBC ciphers, How exactly are you doing that? Which specific cipher are you seeing fail? > Now my question is whatever I did is it correct? That would not be a recommended solution > Or Do need to replace > complete s3_cbc.c with OpenSSL 1.0.1e? No. You cannot just copy and paste stuff from 1.0.1 to 1.0.2. Some other questions: Are you able to provide a packet capture? How did you build OpenSSL...i.e. what "Configure" options did you use? What O/S is this on? Matt
