Hello, All. I have met an issue with different browsers behavior when opening a link https://wiki.openssl.org/. Investigations shows that it is SSL handshake issues. Is it possible to correct situation for Safari browser? Below is 'ssldump's and 'openssl version -a' logs. >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> osx10.6.8 + chrome 45.0.2454.101; SSL session is OK >>> New TCP connection #1: 192.168.0.1(59718) <-> 194.97.150.234(443) 1 1 0.0506 (0.0506) C>S V3.1(512) Handshake ClientHello Version 3.3 random[32]= d2 e1 13 ee 12 ed 4a cd 48 ab 9a 84 89 5e 68 65 6c 74 d1 47 16 b6 a8 59 20 78 1e 73 1c 29 08 40 resume [32]= 96 63 75 db a1 7d 41 71 5c 80 22 ae b0 2f 5d 8e 3c fc e8 0a d3 1d 0e 16 ea 17 17 de 30 29 f1 6d cipher suites Unknown value 0xcc14 Unknown value 0xcc13 Unknown value 0xcc15 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_GCM_SHA256 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_EMPTY_RENEGOTIATION_INFO_SCSV compression methods NULL 1 2 0.1002 (0.0496) S>C V3.3(81) Handshake ServerHello Version 3.3 random[32]= 25 b5 71 fa 69 9c 64 26 91 48 e5 c1 6f 07 6c 4b 12 b7 22 a6 20 e6 fb 6d 80 00 dd a1 99 43 70 dc session_id[32]= 96 63 75 db a1 7d 41 71 5c 80 22 ae b0 2f 5d 8e 3c fc e8 0a d3 1d 0e 16 ea 17 17 de 30 29 f1 6d cipherSuite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 compressionMethod NULL 1 3 0.1002 (0.0000) S>C V3.3(1) ChangeCipherSpec 1 4 0.1002 (0.0000) S>C V3.3(40) Handshake 1 5 0.1017 (0.0014) C>S V3.3(1) ChangeCipherSpec 1 6 0.1017 (0.0000) C>S V3.3(40) Handshake 1 7 0.1024 (0.0006) C>S V3.3(521) application_data 1 8 0.2268 (0.1244) S>C V3.3(299) application_data 1 9 4.0905 (3.8636) C>S V3.3(426) application_data 1 10 4.1691 (0.0786) S>C V3.3(598) application_data 1 11 4.1737 (0.0046) C>S V3.3(495) application_data 1 12 4.2673 (0.0935) S>C V3.3(298) application_data 1 9.2750 (5.0077) S>C TCP FIN 1 14.2687 (4.9936) C>S TCP FIN >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> >>> osx10.6.8 safari5.1.10(6534.59.10); SSL session is BROKEN >>> New TCP connection #1: 192.168.0.1(59771) <-> 194.97.150.234(443) 1 1 0.0598 (0.0598) C>S V3.1(158) Handshake ClientHello Version 3.1 random[32]= 56 05 6d 21 f6 ef c5 31 be 10 7d ef e8 b4 78 cf a5 47 61 7a 23 42 29 30 a2 6e c3 dc e3 0f 67 4b cipher suites TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_RSA_WITH_RC4_128_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_RC4_40_MD5 TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA compression methods NULL 1 0.1143 (0.0545) S>C TCP FIN 1 0.1158 (0.0014) C>S TCP FIN New TCP connection #2: 192.168.0.1(59773) <-> 194.97.150.234(443) 2 1 0.0569 (0.0569) C>S V3.0(81) Handshake ClientHello Version 3.0 random[32]= 56 05 6d 21 d2 ca b5 6f 97 90 79 52 f9 c6 af 40 20 77 73 28 de 7d 60 48 c0 58 fc d8 a8 df 9d d0 cipher suites SSL_RSA_WITH_AES_128_CBC_SHA SSL_RSA_WITH_RC4_128_SHA SSL_RSA_WITH_RC4_128_MD5 SSL_RSA_WITH_AES_256_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_DES_CBC_SHA SSL_RSA_EXPORT_WITH_RC4_40_MD5 SSL_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5 SSL_DHE_DSS_WITH_AES_128_CBC_SHA SSL_DHE_RSA_WITH_AES_128_CBC_SHA SSL_DHE_DSS_WITH_AES_256_CBC_SHA SSL_DHE_RSA_WITH_AES_256_CBC_SHA SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA SSL_DHE_DSS_WITH_DES_CBC_SHA SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA compression methods NULL 2 0.1077 (0.0507) S>C TCP FIN 2 0.1094 (0.0017) C>S TCP FIN >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> $ openssl version -a OpenSSL 1.0.1 14 Mar 2012 built on: Sun Mar 25 19:01:41 MSK 2012 platform: darwin64-x86_64-cc options: bn(64,64) rc4(ptr,char) des(idx,cisc,16,int) idea(int) blowfish(idx) compiler: /usr/bin/llvm-gcc-4.2 -fPIC -fno-common -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -arch x86_64 -O3 -DL_ENDIAN -Wall OPENSSLDIR: "/opt/local/etc/openssl" -- ? ????????????Mit freundlichen Gr??en???Best regards, Dmitriy Bubnov
