[Bug 176722] [openssl] OpenSSL 1.0.1e fails to fallback to TLS1 if the server doesn't allow for anything else
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Jul 9 19:47:41 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=176722
Conrad Meyer <cem at freebsd.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |cem at freebsd.org
Status|Open |Closed
Resolution|--- |Works As Intended
--- Comment #5 from Conrad Meyer <cem at freebsd.org> ---
I think this is an intentional security feature (i.e., preventing protocol
downgrade attacks) introduced by OpenSSL in 1.0.1c:
https://github.com/openssl/openssl/blob/OpenSSL_1_0_1-stable/CHANGES#L1052
> Don't use TLS 1.0 record version number in initial client hello if renegotiating. [Steve Henson]
In any case if there is still a bug, file it in upstream OpenSSL (now tracking
issues on Github) and we can track it.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list