On 04/12/15 11:31, Jayalakshmi bhat wrote: > Hi Matt, > > Thanks a lot for the response. > > Is your application a client or a server? Are both ends using > OpenSSL 1.0.2d? If not, what is the other end using? >>>Our device has both TLS client,server apps. As client, device communicates with radius server, LDAP server etc.As > server device is accessed using various web browsers. > Hence both the end will not be OpenSSL 1.0.2d. > > How exactly are you doing that? Which specific cipher are you seeing fail? >>> We have provided user option to select TLS protocol versions similar to the browsers. Depending upon the user configurations we set the protocol flags (SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL context using SSL_CTX_clear_options/SSL_CTX_set_options. >>> We have provided user option to chose ciphers as well. > All these are in the application space,no changes have been done and > they have been working good with OpenSSL 1.0.1c. Only the library is > upgraded to OpenSSL 1.0.2d.I have used AES256-CBC and AES128 CBC ciphers > and with both the ciphers issue is seen. > > Are you able to provide a packet capture? >>> Please find the attached traces for server mode. > What O/S is this on? >>>This is built for WinCE and Vxworks Thanks. Please could you also send the exact patch that you applied that resolved the issue? Matt
