Hi Jakob CPU is ARMARCH4. WinCE version is 6.0. I will get the compiler details shortly. Regards Jaya On Fri, Dec 4, 2015 at 6:05 PM, Jakob Bohm <jb-openssl at wisemo.com> wrote: > For clarity, which version of WinCE, and which CPU (Arm, > MIPS, PPC, x86, SH3, SH4, ...)? > > Which Microsoft Compiler version (EVC3, EVC4, one of the > Visual Studio projects, 3rd party compiler) and which > exact compiler version (reported by running the compiler > executable (named according to CPU) with no arguments. > > I ask because your proposed fix may be affected by compiler and/or CPU > quirks. > > On 04/12/2015 12:31, Jayalakshmi bhat wrote: > > Hi Matt, > > Thanks a lot for the response. > > Is your application a client or a server? Are both ends using OpenSSL 1.0.2d? > If not, what is the other end using? > >>Our device has both TLS client,server apps. As client, device > communicates with radius server, LDAP server etc.As server device is > accessed using various web browsers. > Hence both the end will not be OpenSSL 1.0.2d. > > How exactly are you doing that? Which specific cipher are you seeing fail? > >> We have provided user option to select TLS protocol versions similar to > the browsers. Depending upon the user configurations we set the protocol > flags (SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2) in the SSL > context using SSL_CTX_clear_options/SSL_CTX_set_options. > >> We have provided user option to chose ciphers as well. > All these are in the application space,no changes have been done and they > have been working good with OpenSSL 1.0.1c. Only the library is upgraded to > OpenSSL 1.0.2d.I have used AES256-CBC and AES128 CBC ciphers and with > both the ciphers issue is seen. > > Are you able to provide a packet capture? > >> Please find the attached traces for server mode. > What O/S is this on? > >>This is built for WinCE and Vxworks > > Regards > Jaya > > > > On Fri, Dec 4, 2015 at 3:02 PM, Matt Caswell <matt at openssl.org> wrote: > >> Hello Jaya >> >> We're going to need some more information. There isn't a generic problem >> with CBC ciphers and TLS1.0 in 1.0.2d (it's working fine for me) - so >> there is something specific about your environment that is causing the >> issue. Comments inserted below. >> >> On 04/12/15 06:53, Jayalakshmi bhat wrote: >> > Hi All, >> > >> > >> > >> > Recently we have ported OpenSSL 1.0.2d. Everything works perfect except >> > the below explained issue. >> >> Is your application a client or a server? Are both ends using OpenSSL >> 1.0.2d? If not, what is the other end using? >> >> >> > When we enable only TLS 1.0 protocol and select CBC ciphers, >> >> How exactly are you doing that? Which specific cipher are you seeing fail? >> >> >> > Now my question is whatever I did is it correct? >> >> That would not be a recommended solution >> >> > Or Do need to replace >> > complete s3_cbc.c with OpenSSL 1.0.1e? >> >> No. You cannot just copy and paste stuff from 1.0.1 to 1.0.2. >> >> Some other questions: >> >> Are you able to provide a packet capture? >> How did you build OpenSSL...i.e. what "Configure" options did you use? >> What O/S is this on? >> >> Matt >> _______________________________________________ >> openssl-users mailing list >> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users >> > > > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > > > Enjoy > > Jakob > -- > Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com > Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 > This public discussion message is non-binding and may contain errors. > WiseMo - Remote Service Management for PCs, Phones and Embedded > > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151205/d14f7317/attachment-0001.html>
