CBC ciphers + TLS 1.0 protocol does not work in OpenSSL 1.0.2d

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 04/12/15 11:31, Jayalakshmi bhat wrote:
> Hi Matt,
> 
> Thanks a lot for the response. 
> 
> Is your application a client or a server? Are both ends using
> OpenSSL 1.0.2d? If not, what is the other end using?
>>>Our device has both TLS client,server apps. As client, device communicates with radius server, LDAP server etc.As
> server device is accessed using various web browsers. 
> Hence both the end will not be OpenSSL 1.0.2d.
> 
> How exactly are you doing that? Which specific cipher are you seeing fail?
>>> We have provided user option to select TLS protocol versions similar to the browsers. Depending upon the user configurations we set the protocol flags (SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL context using SSL_CTX_clear_options/SSL_CTX_set_options.
>>> We have provided user option to chose ciphers as well. 
> All these are in the application space,no changes have been done and
> they have been working good with OpenSSL 1.0.1c. Only the library is
> upgraded to OpenSSL 1.0.2d.I have used AES256-CBC and AES128 CBC ciphers
> and with both the ciphers issue is seen.
> 
> Are you able to provide a packet capture?
>>> Please find the attached traces for server mode.
> What O/S is this on?
>>>This is built for WinCE and Vxworks

Thanks. Please could you also send the exact patch that you applied that
resolved the issue?

Matt


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux