sön 2012-02-05 klockan 17:52 +0000 skrev Alex Crow: > One example I know can reproduce this every time is: > > https://applyonline.abbeynational.co.uk/olaWeb/OLALogonServlet?action=prepare&application=OnlineBankingRegistrationServlet&js=on that's a broken server the initial client hello handshake to be SSL2 compatible, but then requires immediate protocol upgrade to SSL3 or TLSv1, but fails if the initial handshake is SSL3 or TLSv1. OpenSSL in somewhat current versions by default disable all use pf SSLv2 due to numerous weaknesses in the SSLv2 protocol and is as result normally sending an SSL3 client hello handshake. It's likely to hit problems some newer browsers as well, as SSL/TLS security is being tightened up. A workaround is to set ciphers to 'ALL:!COMPLEMENTOFDEFAULT' which somehow magically enables SSLv2 again. But it's not a very good idea as it may also enable some SSLv2 related attacks. Regards Henrik
