Ticket Change Details
Overview

Artifact ID: 6a838c9bce7a9717383ec6354267dea132a4d22402ab269df7e60c58f9eed546
Ticket: 581d50e6cdc97b0bb5f0e5516086ac469e077f04
Callback wrongly reports SSL3
User & Date: anonymous 2018-04-05 13:49:27
Changes

  1. Change foundin to "1.7.16"
  2. Change icomment to:

    The -command callback reports handshake by SSL3, when in fact TLS1.2 was used.

    Accurate information would be useful - can the callback report the protocol actually used?

    In this example, TclTLS was built with --disable-sslv2 --disable-sslv3, libressl, and tls::socket was called with -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 1 -tls1.2 1

    The actual protocol version TLS1.2 was verified by wireshark.

    tlsMonitor info sock12678a0 handshake start {before/connect initialization} tlsMonitor info sock12678a0 connect loop {before/connect initialization} tlsMonitor info sock12678a0 connect loop {SSLv3 write client hello A} tlsMonitor info sock12678a0 connect loop {SSLv3 read server hello A} tlsMonitor verify sock12678a0 2 <<snip>> tlsMonitor verify sock12678a0 1 <<snip> tlsMonitor verify sock12678a0 0 <<snip>> tlsMonitor info sock12678a0 connect loop {SSLv3 read server certificate A} tlsMonitor info sock12678a0 connect loop {SSLv3 read server key exchange A} tlsMonitor info sock12678a0 connect loop {SSLv3 read server done A} tlsMonitor info sock12678a0 connect loop {SSLv3 write client key exchange A} tlsMonitor info sock12678a0 connect loop {SSLv3 write change cipher spec A} tlsMonitor info sock12678a0 connect loop {SSLv3 write finished A} tlsMonitor info sock12678a0 connect loop {SSLv3 flush data} tlsMonitor info sock12678a0 connect loop {SSLv3 read finished A} tlsMonitor info sock12678a0 handshake done {SSL negotiation finished successfully} tlsMonitor info sock12678a0 connect exit {SSL negotiation finished successfully}

  3. Change login to "anonymous"
  4. Change mimetype to "text/x-fossil-plain"
  5. Change private_contact to "a774b1f5653dc3360e29ea7d635a64e94c9f1dab"
  6. Change severity to "Important"
  7. Change status to "Open"
  8. Change title to "Callback wrongly reports SSL3"
  9. Change type to "Code Defect"