2019-04-09
| ||
19:35 | • Closed ticket [581d50e6cd]: Callback wrongly reports SSL3 plus 6 other changes artifact: 3733ee98bb user: rkeene | |
2018-04-05
| ||
13:49 | • New ticket [581d50e6cd]. artifact: 6a838c9bce user: anonymous | |
Ticket Hash: | 581d50e6cdc97b0bb5f0e5516086ac469e077f04 | |||
Title: | Callback wrongly reports SSL3 | |||
Status: | Closed | Type: | Documentation | |
Severity: | Important | Priority: | Low | |
Subsystem: | Resolution: | Rejected | ||
Last Modified: | 2019-04-09 19:35:39 | |||
Version Found In: | 1.7.16 | |||
User Comments: | ||||
anonymous added on 2018-04-05 13:49:27:
The -command callback reports handshake by SSL3, when in fact TLS1.2 was used. Accurate information would be useful - can the callback report the protocol actually used? In this example, TclTLS was built with --disable-sslv2 --disable-sslv3, libressl, and tls::socket was called with -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 1 -tls1.2 1 The actual protocol version TLS1.2 was verified by wireshark. tlsMonitor info sock12678a0 handshake start {before/connect initialization} tlsMonitor info sock12678a0 connect loop {before/connect initialization} tlsMonitor info sock12678a0 connect loop {SSLv3 write client hello A} tlsMonitor info sock12678a0 connect loop {SSLv3 read server hello A} tlsMonitor verify sock12678a0 2 <<snip>> tlsMonitor verify sock12678a0 1 <<snip> tlsMonitor verify sock12678a0 0 <<snip>> tlsMonitor info sock12678a0 connect loop {SSLv3 read server certificate A} tlsMonitor info sock12678a0 connect loop {SSLv3 read server key exchange A} tlsMonitor info sock12678a0 connect loop {SSLv3 read server done A} tlsMonitor info sock12678a0 connect loop {SSLv3 write client key exchange A} tlsMonitor info sock12678a0 connect loop {SSLv3 write change cipher spec A} tlsMonitor info sock12678a0 connect loop {SSLv3 write finished A} tlsMonitor info sock12678a0 connect loop {SSLv3 flush data} tlsMonitor info sock12678a0 connect loop {SSLv3 read finished A} tlsMonitor info sock12678a0 handshake done {SSL negotiation finished successfully} tlsMonitor info sock12678a0 connect exit {SSL negotiation finished successfully} rkeene added on 2019-04-09 19:35:39: The data being reported is documented to contain an informational string returned from OpenSSL: > The message argument is a descriptive string which may be generated either by SSL_state_string_long() or by SSL_alert_desc_string_long(), depending on context It does not indicate the version of SSL or TLS being used. |