SSLv23_client_method() broken in openssl-1.0.1-stable-SNAP-20130925

Previous Topic Next Topic
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

SSLv23_client_method() broken in openssl-1.0.1-stable-SNAP-20130925

Chris Clark
Last week I reported on OpenSSL-user a problem I encountered after
updating my Win64 server app from OpenSSL 1.0.0k to 1.01e, in which
SSLv23_server_method() no longer accepted SSLv3 connections from
clients using SSLv3_method().

Now I tried 1.0.1-stable-SNAP-20130925 and I see this bug has been
fixed. My Server works fine with all old clients. I now updated my
Win64 client app to use the same stable snap, and I found almost the
same problem with both of these:
When the Server is configured for SSLv23_Server_method(), it accepts
either SSL or TLS connections from my old client, but with my client
using the new 1.0.1 SNAP-20130925  it fails to negotiate a cipher
using either the SSLv23_client_method() or the SSLv23_method().

I am building under Visual Studio 2008.

OpenSSL Project                       
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]