Ticket Change Details
Overview

Artifact ID: 6a838c9bce7a9717383ec6354267dea132a4d22402ab269df7e60c58f9eed546
Ticket: 581d50e6cdc97b0bb5f0e5516086ac469e077f04
Callback wrongly reports SSL3
User & Date: anonymous on 2018-04-05 13:49:27
Changes

  1. foundin changed to: "1.7.16"
  2. icomment:
    The -command callback reports handshake by SSL3, when in fact TLS1.2 was used.
    
    Accurate information would be useful - can the callback report the protocol actually used?
    
    
    In this example, TclTLS was built with --disable-sslv2 --disable-sslv3, libressl,
    and tls::socket was called with -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 1 -tls1.2 1
    
    The actual protocol version TLS1.2 was verified by wireshark.
    
    tlsMonitor info sock12678a0 handshake start {before/connect initialization}
    tlsMonitor info sock12678a0 connect loop {before/connect initialization}
    tlsMonitor info sock12678a0 connect loop {SSLv3 write client hello A}
    tlsMonitor info sock12678a0 connect loop {SSLv3 read server hello A}
    tlsMonitor verify sock12678a0 2 <<snip>>
    tlsMonitor verify sock12678a0 1 <<snip>
    tlsMonitor verify sock12678a0 0 <<snip>>
    tlsMonitor info sock12678a0 connect loop {SSLv3 read server certificate A}
    tlsMonitor info sock12678a0 connect loop {SSLv3 read server key exchange A}
    tlsMonitor info sock12678a0 connect loop {SSLv3 read server done A}
    tlsMonitor info sock12678a0 connect loop {SSLv3 write client key exchange A}
    tlsMonitor info sock12678a0 connect loop {SSLv3 write change cipher spec A}
    tlsMonitor info sock12678a0 connect loop {SSLv3 write finished A}
    tlsMonitor info sock12678a0 connect loop {SSLv3 flush data}
    tlsMonitor info sock12678a0 connect loop {SSLv3 read finished A}
    tlsMonitor info sock12678a0 handshake done {SSL negotiation finished successfully}
    tlsMonitor info sock12678a0 connect exit {SSL negotiation finished successfully}
    
  3. login: "anonymous"
  4. mimetype: "text/x-fossil-plain"
  5. private_contact changed to: "a774b1f5653dc3360e29ea7d635a64e94c9f1dab"
  6. severity changed to: "Important"
  7. status changed to: "Open"
  8. title changed to: "Callback wrongly reports SSL3"
  9. type changed to: "Code Defect"