Re: OpenSSL compliance with Linux distributions

Thank you Ben for your answer.

I had a look today for this point, but I didn't find anything about extensions in the OpenSSL version I use (0.9.8).

Maybe I have to modify OpenSSL configuration file (openssl.conf) and compile OpenSSL again. I will check this tomorrow.


Best Regards,


On 05/08/2020 at 22:46, Benjamin Kaduk wrote:
On Wed, Aug 05, 2020 at 10:28:26PM +0200, Patrick Mooc wrote:
Thank you very much Kyle for your quick and clear answer.

The reason why I want to upgrade OpenSSL version, is that I encounter a
problem with 1 frame exchange between client and server.

This frame is the first packet sent from client to server (Client Hello
Packet) and the protocol used for this packet is SSLv2.
I don't understand why, because I force the use of TLSv1 (in ssl.conf file
as in application software), but only for this first exchange packet, SSLv2
is used. All other packets are well using TLSv10 as configured.

I have also searched for forcing the use of TLSv10 ciphers in OpenSSL
configuration and in application software, but I didn't succeed doing so.

That's why I had the idea of upgrading OpenSSL version to avoid the use of
SSLv2 protocol.


Thus, if you have any idea of how to solve my problem without upgrading
OpenSSL version or Linux distribution, it would be very nice.

Using an "SSLv2-compatible" ClientHello is rather distinct from actually using
the SSLv2 protocol; I believe that the former is what is happening for you.

IIRC sending any TLS extension with the ClientHello suppresses the use of the
v2-compatible format, so you might be able to do that.  (I don't remember offhand
which extensions are implemented in that old of an OpenSSL version, and
whether they're enabled in the default build, though.)

-Ben
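
The distinction Ben draws can be checked on the first bytes of a captured client packet. The following Python sketch is an added example, not part of the original thread and not OpenSSL code: it separates an SSLv2-compatible ClientHello from a true SSLv2 hello and from a TLS-record ClientHello, and reports whether extensions are present. The sample byte strings are constructed, and the parser assumes the whole ClientHello sits in one record.

```python
import struct

VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLSv1.0",
            0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def classify_client_hello(data: bytes) -> dict:
    """Classify the first message a client sends on a TLS port."""
    try:
        # SSLv2 framing: 2-byte header with the high bit set, msg type 1.
        if data[0] & 0x80 and data[2] == 0x01:
            offered = struct.unpack(">H", data[3:5])[0]
            # Offering 3.x inside SSLv2 framing is the "compatible" hello:
            # the client asks for SSLv3/TLS, only the envelope is SSLv2.
            fmt = "sslv2-compatible" if offered >= 0x0300 else "sslv2"
            return {"format": fmt, "offered": VERSIONS.get(offered, hex(offered)),
                    "extensions": False}  # this framing has no extensions field
        # TLS framing: record type 22 (handshake), handshake type 1.
        if data[0] == 0x16 and data[5] == 0x01:
            end = 9 + int.from_bytes(data[6:9], "big")   # end of ClientHello
            offered = struct.unpack(">H", data[9:11])[0]
            pos = 11 + 32                                # skip random
            pos += 1 + data[pos]                         # session_id
            pos += 2 + struct.unpack(">H", data[pos:pos + 2])[0]  # cipher_suites
            pos += 1 + data[pos]                         # compression_methods
            return {"format": "tls-record",
                    "offered": VERSIONS.get(offered, hex(offered)),
                    "extensions": pos < end}   # bytes left over = extensions
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return {"format": "unknown", "offered": None, "extensions": False}

# --- Constructed samples (not captured traffic) ---
# SSLv2 framing, version 3.1, one 3-byte cipher spec, 16-byte challenge.
V2_COMPAT = bytes.fromhex("801c" "01" "0301" "0003" "0000" "0010" "00002f") + bytes(16)

def _tls_hello(extensions: bytes) -> bytes:
    """Build a minimal TLS 1.0 ClientHello record (hypothetical helper)."""
    body = (b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f"
            + b"\x01\x00" + extensions)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

TLS_WITH_EXT = _tls_hello(bytes.fromhex("0004" "00230000"))  # one empty extension
TLS_NO_EXT = _tls_hello(b"")

if __name__ == "__main__":
    for name, pkt in [("v2-compat", V2_COMPAT), ("tls+ext", TLS_WITH_EXT),
                      ("tls", TLS_NO_EXT)]:
        print(name, classify_client_hello(pkt))
```

A result of `sslv2-compatible` with `offered` set to `TLSv1.0` is the situation described in the reply: the envelope is SSLv2-style, but the protocol being negotiated is TLS.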


