Can’t get there from here.

So client-side OpenSSL is buggy if compiled with no-tlsext (in 0.9.8m and 0.9.8n) because it sends that pseudo-ciphersuite number without being able to handle the TLS extension then expected in the server’s response. So the no-tlsext build shouldn’t be sending the pseudo-ciphersuite number. However, then you’d soon have problems connecting to some updated servers, as these may start to *demand* confirmation that clients are updated to support RFC 5746. So the fix won’t help you in the long run.

via Re: openssl 0.9.8n issue with no-tlsext.

To paraphrase: You can either talk to older buggy versions of OpenSSL or newer buggy versions of OpenSSL, but not both at the same time.
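The handshake cases described in the quoted mail can be checked by looking at the hello messages themselves. The following Python sketch is an added example, not code from the original post or from OpenSSL: it uses the RFC 5746 values for the pseudo-ciphersuite and the renegotiation_info extension, while the function names, the `client_parses_ext` and `server_strict` flags, and the sample messages are assumptions constructed for illustration.

```python
import struct

SCSV = 0x00FF       # TLS_EMPTY_RENEGOTIATION_INFO_SCSV, the "pseudo-ciphersuite" (RFC 5746)
RENEG_EXT = 0xFF01  # renegotiation_info extension type (RFC 5746)

def _extensions(body, off):
    """Extension types found from offset off; empty set if the block is absent."""
    types = set()
    if off + 2 <= len(body):
        end = off + 2 + struct.unpack_from("!H", body, off)[0]
        off += 2
        while off + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, off)
            types.add(ext_type)
            off += 4 + ext_len
    return types

def client_signals(body):
    """ClientHello body -> (sent_scsv, sent_renegotiation_info)."""
    off = 35 + body[34]                          # skip version, random, session_id
    n = struct.unpack_from("!H", body, off)[0]   # cipher_suites byte length
    suites = struct.unpack_from("!%dH" % (n // 2), body, off + 2)
    off += 2 + n
    off += 1 + body[off]                         # compression_methods
    return SCSV in suites, RENEG_EXT in _extensions(body, off)

def server_confirms(body):
    """ServerHello body -> True if it carries renegotiation_info."""
    off = 35 + body[34]                          # skip version, random, session_id
    return RENEG_EXT in _extensions(body, off + 3)  # skip suite + compression

def outcome(client_hello, server_hello, client_parses_ext, server_strict):
    """Model of the cases in the quoted mail; both flags are assumptions."""
    if not any(client_signals(client_hello)):
        return "refused by strict server" if server_strict else "ok, legacy"
    if not server_confirms(server_hello):
        return "ok, legacy"
    return "ok, RFC 5746" if client_parses_ext else "client cannot handle server extension"

def _hello(middle, exts=b""):
    """Build a hello body: TLS 1.0, zero random, empty session_id."""
    tail = struct.pack("!H", len(exts)) + exts if exts else b""
    return b"\x03\x01" + bytes(32) + b"\x00" + middle + tail

# Constructed sample messages (not captured traffic); 0x002F is an arbitrary suite.
CH_SCSV = _hello(struct.pack("!HHH", 4, 0x002F, SCSV) + b"\x01\x00")
CH_PLAIN = _hello(struct.pack("!HH", 2, 0x002F) + b"\x01\x00")
SH_RENEG = _hello(struct.pack("!HB", 0x002F, 0), struct.pack("!HHB", RENEG_EXT, 1, 0))
SH_PLAIN = _hello(struct.pack("!HB", 0x002F, 0))
```

`outcome(CH_SCSV, SH_RENEG, False, False)` is the no-tlsext situation from the mail, and `outcome(CH_PLAIN, SH_PLAIN, False, True)` is the same build after the fix meeting a server that demands RFC 5746 confirmation.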
