Artifacts Associated With Ticket 581d50e6cdc97b0bb5f0e5516086ac469e077f04
Ticket change [6a838c9bce] (rid 1350) by anonymous on 2018-04-05 13:49:27:
- foundin initialized to: "1.7.16"
- icomment:
The -command callback reports handshake by SSL3, when in fact TLS1.2 was used. Accurate information would be useful - can the callback report the protocol actually used? In this example, TclTLS was built with --disable-sslv2 --disable-sslv3, libressl, and tls::socket was called with -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 1 -tls1.2 1 The actual protocol version TLS1.2 was verified by wireshark. tlsMonitor info sock12678a0 handshake start {before/connect initialization} tlsMonitor info sock12678a0 connect loop {before/connect initialization} tlsMonitor info sock12678a0 connect loop {SSLv3 write client hello A} tlsMonitor info sock12678a0 connect loop {SSLv3 read server hello A} tlsMonitor verify sock12678a0 2 <<snip>> tlsMonitor verify sock12678a0 1 <<snip> tlsMonitor verify sock12678a0 0 <<snip>> tlsMonitor info sock12678a0 connect loop {SSLv3 read server certificate A} tlsMonitor info sock12678a0 connect loop {SSLv3 read server key exchange A} tlsMonitor info sock12678a0 connect loop {SSLv3 read server done A} tlsMonitor info sock12678a0 connect loop {SSLv3 write client key exchange A} tlsMonitor info sock12678a0 connect loop {SSLv3 write change cipher spec A} tlsMonitor info sock12678a0 connect loop {SSLv3 write finished A} tlsMonitor info sock12678a0 connect loop {SSLv3 flush data} tlsMonitor info sock12678a0 connect loop {SSLv3 read finished A} tlsMonitor info sock12678a0 handshake done {SSL negotiation finished successfully} tlsMonitor info sock12678a0 connect exit {SSL negotiation finished successfully}
- login: "anonymous"
- mimetype: "text/x-fossil-plain"
- private_contact initialized to: "a774b1f5653dc3360e29ea7d635a64e94c9f1dab"
- severity initialized to: "Important"
- status initialized to: "Open"
- title initialized to: "Callback wrongly reports SSL3"
- type initialized to: "Code Defect"
Ticket change [3733ee98bb] (rid 1406) by rkeene on 2019-04-09 19:35:39:
- icomment:
The data being reported is documented to contain an informational string returned from OpenSSL: > The message argument is a descriptive string which may be generated either by SSL_state_string_long() or by SSL_alert_desc_string_long(), depending on context It does not indicate the version of SSL or TLS being used.
- login: "rkeene"
- mimetype: "text/x-fossil-wiki"
- priority changed to: "Low"
- resolution changed to: "Rejected"
- status changed to: "Closed"
- type changed to: "Documentation"
- icomment: