EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Version Negotiation (TLS1 not supported)

Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.
#27207
Posted: 11/11/2013 15:46:13
by Elric Pedder (Standard support level)
Joined: 05/11/2006
Posts: 5

What is the recommended method for negotiating the version of SSL when connecting as a client with TElSecureClient? I've found a server that returns sbAlert (Bad Record MAC) if Versions is set to [sbSSL2, sbSSL3, sbTLS1] and works if I remove sbTLS1. I'd like to be able to use a lesser version when the client doesn't support TLS1 but I don't want to switch off TLS1 when the server does support it.

Is one expected to just try again in all failure cases with a more restricted set of versions or is there a way to detect the problem somehow? I'm using SBB5 if that makes a difference.

Many thanks
#27208
Posted: 11/12/2013 00:34:11
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

The server you are trying to connect behaves incorrectly. It should accept the maximum supported version from the list supported by the client. However your version of SecureBlackbox is very old and a lot of improvements were made to SSL/TLS implementation since then. I recommend you to try the latest 11th version and check if it works for you.

Reply

Statistics

Topic viewed 1345 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!