EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Version Negotiation (TLS1 not supported)

Posted: 11/11/2013 15:46:13
by Elric Pedder (Standard support level)
Joined: 05/11/2006
Posts: 5

What is the recommended method for negotiating the version of SSL when connecting as a client with TElSecureClient? I've found a server that returns sbAlert (Bad Record MAC) if Versions is set to [sbSSL2, sbSSL3, sbTLS1] and works if I remove sbTLS1. I'd like to be able to use a lesser version when the client doesn't support TLS1 but I don't want to switch off TLS1 when the server does support it.

Is one expected to just try again in all failure cases with a more restricted set of versions or is there a way to detect the problem somehow? I'm using SBB5 if that makes a difference.

Many thanks
Posted: 11/12/2013 00:34:11
by Vsevolod Ievgiienko (Team)

Thank you for contacting us.

The server you are trying to connect behaves incorrectly. It should accept the maximum supported version from the list supported by the client. However your version of SecureBlackbox is very old and a lot of improvements were made to SSL/TLS implementation since then. I recommend you to try the latest 11th version and check if it works for you.



Topic viewed 2248 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!