On 2/1/06, Klaus Darilion <klaus.mailinglists(a)pernau.at> wrote:
Hi!
I've tried the new TLS module:
1. It breaks compatibility with old TLS stack: Even when configured to
use TLSv1, it sends an SSLv2 compatible HELLO:
server2:~# ssldump
New TCP connection #1: 10.10.0.41(33107) <-> 10.10.0.42(5063)
1 1 0.0088 (0.0088) C>S SSLv2 compatible client hello
Version 3.1
I do not know if this is a problem with the new or the old stack.
Further, I do not know what other TLS-enabled SIP products use. Do they
accept SSL-compatible HELLOs?
Klaus, I don't think this is a bug ... I think that the hello is
always v2 and then (with the server hello message) the handshake is
upgraded to v3 or TLSv1. This way, you can have an SSLv2-only client
try connecting to any server, but the server will send back an SSLv3 or
TLSv1 server hello, thus disconnecting the client.
Yes, I think this is correct. The protocol version should be set to
TLSv1 afterwards; you can test this with @tls.version:

    if (@tls.version == "SSLv2") {
        sl_send_reply("400", "Bad TLS protocol version");
        break;
    }
Jan.
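To make the distinction in this thread concrete (an SSLv2-framed hello that nevertheless advertises version 3.1, versus a hello in SSLv3/TLS record framing), here is an added example, not code from the thread or from the SER/OpenSER TLS module, that classifies a raw ClientHello the way ssldump reports it and pulls out the version the client actually offers. The sample byte strings are constructed for the example.

```python
import struct

# Added example: classify a captured ClientHello by framing and extract the
# advertised protocol version. Not part of the original thread.

VERSIONS = {(2, 0): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def version_name(major, minor):
    return VERSIONS.get((major, minor), f"unknown({major}.{minor})")

def classify_client_hello(data: bytes) -> dict:
    """Return the framing and advertised version of a raw ClientHello."""
    if len(data) >= 5 and data[0] & 0x80:
        # SSLv2 framing: 2-byte header with the high bit set, then
        # msg-type (1 = CLIENT-HELLO) and the client's highest version.
        length = ((data[0] & 0x7F) << 8) | data[1]
        if data[2] != 0x01:
            raise ValueError("not an SSLv2 CLIENT-HELLO")
        major, minor = data[3], data[4]
        return {"framing": "SSLv2 compatible client hello",
                "advertised": version_name(major, minor), "length": length}
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # SSLv3/TLS framing: record header (type 0x16 = handshake) followed by
        # a handshake header (type 0x01 = ClientHello) and client_version.
        major, minor = data[9], data[10]
        return {"framing": "TLS record client hello",
                "advertised": version_name(major, minor),
                "length": struct.unpack("!H", data[3:5])[0]}
    raise ValueError("unrecognised ClientHello framing")

# Constructed samples: an SSLv2-compatible hello advertising version 3.1
# (what the ssldump capture in the thread shows) and a minimal TLS-record
# hello for version 3.1.
SSLV2_COMPAT_HELLO = (
    bytes([0x80, 0x1F, 0x01, 0x03, 0x01])        # header, CLIENT-HELLO, 3.1
    + struct.pack("!HHH", 6, 0, 16)              # cipher/session-id/challenge lengths
    + bytes([0x00, 0x00, 0x2F, 0x00, 0x00, 0x35])  # two SSLv3-style cipher specs
    + bytes(16)                                  # 16-byte challenge
)
TLS_RECORD_HELLO = (
    bytes([0x16, 0x03, 0x01]) + struct.pack("!H", 6)  # record header, length 6
    + bytes([0x01, 0x00, 0x00, 0x02, 0x03, 0x01])     # handshake header + 3.1
)

if __name__ == "__main__":
    for sample in (SSLV2_COMPAT_HELLO, TLS_RECORD_HELLO):
        print(classify_client_hello(sample))
```

Only a hello whose advertised version is 2.0 is a real SSLv2 client; the 3.1 in the capture means the session will be negotiated as TLSv1, which is the value @tls.version reports after the handshake.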