2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
|
set ::done HAND
catch {tls::handshake $sock} msg
set ::done $msg
}
# NOTE: when doing an in-process client/server test, both sides need
# to be non-blocking for the TLS handshake
# Server - Only accept TLS 1 or higher
set s [tls::socket \
-certfile $serverCert -cafile $caCert -keyfile $serverKey \
-request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 1 -tls1.2 1 \
-server Accept 8831]
# Client - Only propose SSL3
set c [tls::socket -async \
-cafile $caCert \
-request 0 -require 0 -ssl2 0 -ssl3 1 -tls1 0 -tls1.1 0 -tls1.2 0 \
[info hostname] 8831]
fconfigure $c -blocking 0
puts $c a ; flush $c
after 5000 [list set ::done timeout]
vwait ::done
set ::done
} {handshake failed: wrong version number}
|
|
|
|
|
|
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
2058
2059
|
set ::done HAND
catch {tls::handshake $sock} msg
set ::done $msg
}
# NOTE: when doing an in-process client/server test, both sides need
# to be non-blocking for the TLS handshake
# Server - Only accept TLS 1.2
set s [tls::socket \
-certfile $serverCert -cafile $caCert -keyfile $serverKey \
-request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 0 -tls1.1 0 -tls1.2 1 \
-server Accept 8831]
# Client - Only propose TLS1.0
set c [tls::socket -async \
-cafile $caCert \
-request 0 -require 0 -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 0 -tls1.2 0 \
[info hostname] 8831]
fconfigure $c -blocking 0
puts $c a ; flush $c
after 5000 [list set ::done timeout]
vwait ::done
set ::done
} {handshake failed: wrong version number}
|