Re: SSL 3.0 and older ciphers selected in applications

To: Daniel Pocock <daniel@pocock.pro>
Cc: debian-security@lists.debian.org, 772487@bugs.debian.org
Subject: Re: SSL 3.0 and older ciphers selected in applications
From: Kurt Roeckx <kurt@roeckx.be>
Date: Mon, 8 Dec 2014 18:58:34 +0100
Message-id: <[🔎] 20141208175834.GA11879@roeckx.be>
In-reply-to: <[🔎] 5485A904.4090504@pocock.pro>
References: <[🔎] 54855E6D.9000308@pocock.pro> <[🔎] 20141208101220.GA13316@roeckx.be> <[🔎] 54858094.6070304@pocock.pro> <[🔎] 20141208113655.GA25596@roeckx.be> <[🔎] 54859797.6070304@pocock.pro> <[🔎] 20141208125312.GC11304@roeckx.be> <[🔎] 5485A904.4090504@pocock.pro>

On Mon, Dec 08, 2014 at 02:35:00PM +0100, Daniel Pocock wrote:
> 
> I have no idea what technology is in use in the remote/client system.
> 
> If my server socket is using TLSv1_method it is rejecting the connection
> and logging those errors on my server:
> 
> error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
> Error code = 336130315 file=s3_pkt.c line=348
> 
> My server then sends TCP RST to the client

So I can actually reproduce this with the s_client from squeeze,
since that still generates an SSLv2 compatible client hello.  That
does fail talking to any server using the TLSv1 method but
works talking to the SSLv23 method.  Since I'm actually going to
remove support for the TLSv1 method I don't intend to fix this.

Kurt

Reply to:

Follow-Ups:
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>

References:
- SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: SSL 3.0 and older ciphers selected in applications
  - From: Daniel Pocock <daniel@pocock.pro>

Prev by Date: Re: SSL 3.0 and older ciphers selected in applications
Next by Date: Re: SSL 3.0 and older ciphers selected in applications
Previous by thread: Re: SSL 3.0 and older ciphers selected in applications
Next by thread: Re: SSL 3.0 and older ciphers selected in applications
Index(es):
- Date
- Thread