SSL session resumption from different TLS version

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 01/08/16 05:39, Prabhat Puroshottam wrote:
> 
>> IIRC the behaviour is different in the forthcoming OpenSSL 1.1.0. In
>> that version the client does not fix its version to the session version.
>> The client remains version flexible - if the server does not wish to use
>> the same version as was in the session then they can still negotiate a
>> different one and the session simply does not get used.
> 
> 
> 
> Thanks Matt, for that detailed and helpful reply.
> 
> Is it at all possible to merge these changes being done in OpenSSL 1.1.0
> to older version of OpenSSL (as we build and ship our own version of
> OpenSSL)? Or is the nature of changes very complex in nature?

Unfortunately the version negotiation logic (which this change relies
on) has been completely rewritten for 1.1.0 so this would not be
suitable for backporting to 1.0.2.

Matt



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux