Hi Matt, I replaced constant_time_eq_8 usage in s3_cbc.c with the implementation available in OpenSSL 1.0.1e. Things worked fine. Regards Jaya On Fri, Dec 4, 2015 at 7:04 PM, Matt Caswell <matt at openssl.org> wrote: > > > On 04/12/15 11:31, Jayalakshmi bhat wrote: > > Hi Matt, > > > > Thanks a lot for the response. > > > > Is your application a client or a server? Are both ends using > > OpenSSL 1.0.2d? If not, what is the other end using? > >>>Our device has both TLS client,server apps. As client, device > communicates with radius server, LDAP server etc.As > > server device is accessed using various web browsers. > > Hence both the end will not be OpenSSL 1.0.2d. > > > > How exactly are you doing that? Which specific cipher are you seeing > fail? > >>> We have provided user option to select TLS protocol versions similar > to the browsers. Depending upon the user configurations we set the protocol > flags (SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL > context using SSL_CTX_clear_options/SSL_CTX_set_options. > >>> We have provided user option to chose ciphers as well. > > All these are in the application space,no changes have been done and > > they have been working good with OpenSSL 1.0.1c. Only the library is > > upgraded to OpenSSL 1.0.2d.I have used AES256-CBC and AES128 CBC ciphers > > and with both the ciphers issue is seen. > > > > Are you able to provide a packet capture? > >>> Please find the attached traces for server mode. > > What O/S is this on? > >>>This is built for WinCE and Vxworks > > Thanks. Please could you also send the exact patch that you applied that > resolved the issue? > > Matt > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151204/5c01e082/attachment.html>
