History Of Ticket 581d50e6cdc97b0bb5f0e5516086ac469e077f04

Artifacts Associated With Ticket 581d50e6cdc97b0bb5f0e5516086ac469e077f04

  1. Ticket change [6a838c9bce] (rid 1350) by anonymous on 2018-04-05 13:49:27:

    1. foundin initialized to: "1.7.16"
    2. icomment:
      The -command callback reports handshake by SSL3, when in fact TLS1.2 was used.
      
      Accurate information would be useful - can the callback report the protocol actually used?
      
      
      In this example, TclTLS was built with --disable-sslv2 --disable-sslv3, libressl,
      and tls::socket was called with -ssl2 0 -ssl3 0 -tls1 1 -tls1.1 1 -tls1.2 1
      
      The actual protocol version TLS1.2 was verified by wireshark.
      
      tlsMonitor info sock12678a0 handshake start {before/connect initialization}
      tlsMonitor info sock12678a0 connect loop {before/connect initialization}
      tlsMonitor info sock12678a0 connect loop {SSLv3 write client hello A}
      tlsMonitor info sock12678a0 connect loop {SSLv3 read server hello A}
      tlsMonitor verify sock12678a0 2 <<snip>>
      tlsMonitor verify sock12678a0 1 <<snip>
      tlsMonitor verify sock12678a0 0 <<snip>>
      tlsMonitor info sock12678a0 connect loop {SSLv3 read server certificate A}
      tlsMonitor info sock12678a0 connect loop {SSLv3 read server key exchange A}
      tlsMonitor info sock12678a0 connect loop {SSLv3 read server done A}
      tlsMonitor info sock12678a0 connect loop {SSLv3 write client key exchange A}
      tlsMonitor info sock12678a0 connect loop {SSLv3 write change cipher spec A}
      tlsMonitor info sock12678a0 connect loop {SSLv3 write finished A}
      tlsMonitor info sock12678a0 connect loop {SSLv3 flush data}
      tlsMonitor info sock12678a0 connect loop {SSLv3 read finished A}
      tlsMonitor info sock12678a0 handshake done {SSL negotiation finished successfully}
      tlsMonitor info sock12678a0 connect exit {SSL negotiation finished successfully}
      
    3. login: "anonymous"
    4. mimetype: "text/x-fossil-plain"
    5. private_contact initialized to: "a774b1f5653dc3360e29ea7d635a64e94c9f1dab"
    6. severity initialized to: "Important"
    7. status initialized to: "Open"
    8. title initialized to: "Callback wrongly reports SSL3"
    9. type initialized to: "Code Defect"
  2. Ticket change [3733ee98bb] (rid 1406) by rkeene on 2019-04-09 19:35:39:

    1. icomment:
      The data being reported is documented to contain an informational string returned from OpenSSL:
      
          > The message argument is a descriptive string which may be generated either by SSL_state_string_long() or by SSL_alert_desc_string_long(), depending on context
      
      It does not indicate the version of SSL or TLS being used.
      
    2. login: "rkeene"
    3. mimetype: "text/x-fossil-wiki"
    4. priority changed to: "Low"
    5. resolution changed to: "Rejected"
    6. status changed to: "Closed"
    7. type changed to: "Documentation"