[MDEV-12190] YASSL isn't able to negotiate TLS version correctly - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.2.4, 5.5(EOL), 10.1(EOL)
Fix Version/s: 10.2.6
Component/s: SSL
Labels:
None
Environment:
All platforms

Description

According to RFC 4346 Section 7.4.13 "Server Hello" and RFC 5246 Appendix E the Server Hello packet needs to specify the highest supported TLS version, but not higher than what client requests.

YaSSL's highest supported version is TLSv1.1 (=3.2) - if the client requests a higher version, it needs to be downgraded in Server Hello packet to TLSv1.1 instead of interrupting the handshake and closing the connection.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

MDEV-12190.patch
0.9 kB
2017-03-07 06:27

Issue Links

blocks

MDEV-10332 Server 10.2: Add support for OpenSSL 1.1

Closed

relates to

CONC-260 Connection through SSL always gives error on one failed attempt

Closed

CONC-393 TLSv1.2 ciphers are rejected on Windows with Schannel

Closed

CONJ-575 test YaSSL correction and permit TLSv1.2 by default of corrected

Closed

Activity

People

Assignee:: Vladislav Vaintroub

Reporter:: Georg Richter

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2017-03-07 06:26

Updated:: 2019-03-20 00:47

Resolved:: 2018-03-12 18:59

Git Integration

Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.