Can’t get there from here.

So client-side OpenSSL is buggy if compiled with no-tlsext (in 0.9.8m and 0.9.8n) because it sends that pseudo-ciphersuite number without being able to handle the TLS extension then expected in the server’s response. So the no-tlsext build shouldn’t be sending the pseudo- ciphersuite number. However, then you’d soon have problems connecting to some updated servers, as these may start to *demand* confirmation that clients are updated to support RFC 5746. So the fix won’t help you in the long run.

via Re: openssl 0.9.8n issue with no-tlsext.

To paraphrase: You can either talk to older buggy versions of openssl or newer buggy versions of openssl, but not both at the same time.

Both comments and trackbacks are currently closed.
%d bloggers like this: