[Python-Dev] which SSL client protocols work with which server protocols? (original) (raw)
Bill Janssen janssen at parc.com
Mon Sep 10 19:30:54 CEST 2007
- Previous message: [Python-Dev] which SSL client protocols work with which server protocols?
- Next message: [Python-Dev] which SSL client protocols work with which server protocols?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I've now built a framework in testssl to test all client protocols (SSL2, SSL3, SSL23, TLS1) against all server protocols, and here's what I've come up with. Servers are along the X axis, and clients are on the Y axis. "Yes" means that that client protocol can talk to that server protocol.
SSL2 SSL3 SS23 TLS1 SSL2 yes no no no SSL3 yes yes yes no SSL23 no no yes no TLS1 no no yes yes I'm a bit surprised by the facts that (1) an SSL2 client can't connect to an SSL23 server, and (2) an SSL23 client can only connect to an SSL23 server. Can anyone verify that these combos (the results of testing with the Python framework) are indeed to be expected?
Sure enough, in testing on my FC7 platform, which has a more modern version of OpenSSL (0.9.8e instead of the older 0.9.7l platform I was using), an SSL2 client can connect to an SSL23 server. And I got one of the above entries wrong: an SSL23 client can connect to an SSL2 server.
I guess in the test harness, I'll just note the discrepancy, but not fail the test either way. And I'll add a note to the documentation.
Bill
- Previous message: [Python-Dev] which SSL client protocols work with which server protocols?
- Next message: [Python-Dev] which SSL client protocols work with which server protocols?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]