Greetings, We have embedded OpenSSL 1.0.2j in our application order to securely communicate with a Java Servlet engine (such as Tomcat). Our application uses SSLv23_method(), so I expect it to negotiate up through TLS 1.2 (right?). A customer claims to have configured the web (app) server to only allow TLS 1.2 (by disallowing up through TLS 1.1), and says that the client code (which we know is based on OpenSSL 1.0.2j) is nevertheless connecting using TLS 1.1. We are setting up a similar environment internally to diagnose what's happening, and I wonder if anyone has any advice on the "best" tool for "watching" the TLS version negotiation when the connection is being established. The client environment is Solaris 10. I'm obtaining the necessary privileges to use the snoop command. Does anyone have any do's or don'ts for using snoop? Thanks in advance! Mark Ludwig Siemens Product Lifecycle Management Software Inc. Communications and Government Affairs Product Lifecycle Management Lifecycle Coll 5939 Rice Creek Parkway Shoreview, MN 55126 United States Tel. :+1 (651) 855-6140 Fax :+1 (651) 855-6280 ludwig.mark@xxxxxxxxxxx www.siemens.com/plm -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
