cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Making tlsv1 the default protocol

From: Jose Kahan <jose.kahan_at_w3.org>
Date: Wed, 22 Oct 2014 23:52:47 +0200

On Wed, Oct 22, 2014 at 11:16:37PM +0200, Florian Weimer wrote:
>
> I'll try to reproduce this, but in the meantime, could you attempt to
> connect with
>
> openssl s_client -connect dest-wheezy.example.com:443 -no_ssl2
>
> from the squeeze box? It would be interesting to know if this
> succeeds or not.

It does succeed:

[[
CONNECTED(00000003)
<snip>
SSL handshake has read 3311 bytes and written 293 bytes

---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
<snip>
]]
The opposite direction also works:
openssl s_client -connect dest-squeeze.example.com:443 -no_ssl2
[[
CONNECTED(00000003)
<snip>
SSL handshake has read 3311 bytes and written 506 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
<snip>
]]
If it would ease your testing, I can mail you the address of a
squeeze box.
-jose
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2014-10-22