Re^7: Net::SSLeay and secure renegotiation

> With SSL_cipher_list set to ALL, i can see 38 cipher suites being sent but not the "TLS_EMPTY_RENEGOTIATION_INFO_SCSV".

With SSL_cipher_list ALL I get 91 ciphers and it includes TLS_EMPTY_RENEGOTIATION_INFO_SCSV. I'm using OpenSSL 1.0.1 on Linux. Having only this few ciphers in ALL looks for me like a very old OpenSSL version which might not even support TLS_EMPTY_RENEGOTIATION_INFO_SCSV. What version you are using? My guess is that you still might be using 0.9.8, probably on OS X which shipped this very old and for ages unsupported version by default.

Comment on Re^7: Net::SSLeay and secure renegotiation

Replies are listed 'Best First'.
Re^8: Net::SSLeay and secure renegotiation by iThunder (Beadle) on Dec 13, 2016 at 16:50 UTC
The openssl version on my linux is 1.0.2j 26 Sep 2016 and i can send that TLS_EMPTY_RENEGOTIATION_INFO_SCSV if i use openssl commands.	[reply]
Re^9: Net::SSLeay and secure renegotiation by noxxi (Pilgrim) on Dec 13, 2016 at 18:22 UTC
> The openssl version on my linux is 1.0.2j 26 Sep 2016 and i can send that TLS_EMPTY_RENEGOTIATION_INFO_SCSV if i use openssl commands. With openssl 1.02 I get 101 ciphers when using 'ALL' which is very different from the 38 you get. Could it be that the openssl binary you use and the libssl linked to Net::SSLeay have different OpenSSL versions? Please check the version used from Net::SSLeay with perl -MNet::SSLeay -e 'printf "%x\n",Net::SSLeay::OPENSSL_VERSION_NUMBER()'	[reply]
Re^10: Net::SSLeay and secure renegotiation by iThunder (Beadle) on Dec 13, 2016 at 18:26 UTC
Below is the output. Thanks root@host# perl -MNet::SSLeay -e 'printf "%x\n",Net::SSLeay::OPENSSL_VERSION_NUMBER()' 90807f	[reply]
Re^11: Net::SSLeay and secure renegotiation by noxxi (Pilgrim) on Dec 13, 2016 at 19:25 UTC
Re^12: Net::SSLeay and secure renegotiation by iThunder (Beadle) on Dec 13, 2016 at 19:32 UTC
Some notes below your chosen depth have not been shown here


Think about Loose Coupling
	PerlMonks