in reply to Re^5: Net::SSLeay and secure renegotiation
in thread Net::SSLeay and secure renegotiation

Well, for some reason it's not appearing in my client hello. Below is my code. With SSL_cipher_list set to ALL, I can see 38 cipher suites being sent but not the "TLS_EMPTY_RENEGOTIATION_INFO_SCSV". What OS and openssl version are you using?

#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::SSL;                 # exports SSL_VERIFY_NONE and $SSL_ERROR
use IO::Socket qw(:DEFAULT :crlf);   # exports the CRLF constant

$/ = CRLF;   # line terminator for the HTTP request lines
$| = 1;

# 'ALL' offers every cipher suite the linked libssl knows about
my $client = IO::Socket::SSL->new(
    PeerHost        => "1.1.1.115",
    PeerPort        => "443",
    SSL_verify_mode => SSL_VERIFY_NONE,   # no certificate check: test setup only
    SSL_cipher_list => 'ALL',
) or die "TLS connect failed: $SSL_ERROR";

my $msg1 = "GET /index.html HTTP/1.1" . $/;
my $msg2 = "Host: windows" . $/;
my $msg3 = "User-Agent: curl/7.18.1 (i386-redhat-linux-gnu) libcurl/7.18.1 NSS/3.12 Beta 3 zlib/1.2.3 libidn/0.6.14" . $/;
print $client $msg1, $msg2, $msg3 . CRLF;   # empty line terminates the request headers
shutdown($client, 2);

Re^7: Net::SSLeay and secure renegotiation
by noxxi (Pilgrim) on Dec 13, 2016 at 06:32 UTC

    > With SSL_cipher_list set to ALL, i can see 38 cipher suites being sent but not the "TLS_EMPTY_RENEGOTIATION_INFO_SCSV".

    With SSL_cipher_list ALL I get 91 ciphers and it includes TLS_EMPTY_RENEGOTIATION_INFO_SCSV. I'm using OpenSSL 1.0.1 on Linux. Having only this few ciphers in ALL looks to me like a very old OpenSSL version, which might not even support TLS_EMPTY_RENEGOTIATION_INFO_SCSV. What version are you using? My guess is that you might still be using 0.9.8, probably on OS X, which shipped this very old and for ages unsupported version by default.

      The openssl version on my Linux is 1.0.2j 26 Sep 2016, and I can send that TLS_EMPTY_RENEGOTIATION_INFO_SCSV if I use openssl commands.

        > The openssl version on my Linux is 1.0.2j 26 Sep 2016, and I can send that TLS_EMPTY_RENEGOTIATION_INFO_SCSV if I use openssl commands.

        With openssl 1.0.2 I get 101 ciphers when using 'ALL', which is very different from the 38 you get. Could it be that the openssl binary you use and the libssl linked to Net::SSLeay have different OpenSSL versions? Please check the version used by Net::SSLeay with

        perl -MNet::SSLeay -e 'printf "%x\n",Net::SSLeay::OPENSSL_VERSION_NUMBER()'
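Two checks that follow from this thread, as an added example that is not code from any of the posts above: parsing the bytes of a captured ClientHello (for instance from tcpdump or Wireshark) to list the offered cipher suites and see whether TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00FF) or the renegotiation_info extension (0xFF01, both from RFC 5746) is present, and decoding the hex value that the `OPENSSL_VERSION_NUMBER()` one-liner prints into the usual "1.0.2j" form so it can be compared with `openssl version`. The ClientHello bytes below are constructed by the `build_client_hello` helper for the demonstration; the host, suites and version numbers are assumptions, not data from the thread.

```python
"""Inspect a TLS ClientHello for RFC 5746 signalling and decode an OpenSSL version number.

Added example for the Net::SSLeay thread; not code from the original posts.
"""
import struct

SCSV = 0x00FF            # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
EXT_RENEG_INFO = 0xFF01  # renegotiation_info extension type (RFC 5746)


def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS handshake record holding a ClientHello.

    Returns the client version, the offered cipher suites (in order) and the
    list of (type, data) extensions. Raises ValueError on malformed input.
    """
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated ClientHello")
    pos = 0
    version = struct.unpack("!H", hello[pos:pos + 2])[0]; pos += 2
    pos += 32                                   # client random
    sid_len = hello[pos]; pos += 1 + sid_len    # session id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]; pos += 2
    suites = [struct.unpack("!H", hello[pos + i:pos + i + 2])[0]
              for i in range(0, cs_len, 2)]
    pos += cs_len
    comp_len = hello[pos]; pos += 1 + comp_len  # compression methods
    extensions = []
    if pos < len(hello):                        # extensions block is optional
        ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]; pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4]); pos += 4
            extensions.append((etype, hello[pos:pos + elen])); pos += elen
    return {"version": version, "cipher_suites": suites, "extensions": extensions}


def secure_renegotiation_signalled(hello: dict) -> bool:
    """True when the client signals RFC 5746 support, by SCSV or by extension."""
    return SCSV in hello["cipher_suites"] or any(
        etype == EXT_RENEG_INFO for etype, _ in hello["extensions"])


def build_client_hello(suites, include_scsv=False, include_reneg_ext=False) -> bytes:
    """Construct a minimal TLS 1.0 ClientHello record (constructed sample input)."""
    suites = list(suites) + ([SCSV] if include_scsv else [])
    cs = b"".join(struct.pack("!H", s) for s in suites)
    hello = (struct.pack("!H", 0x0301) + bytes(32) + b"\x00"   # version, random, empty session id
             + struct.pack("!H", len(cs)) + cs + b"\x01\x00")   # suites, one compression method (null)
    if include_reneg_ext:
        ext_body = b"\x00"   # renegotiated_connection is empty on an initial handshake
        ext = struct.pack("!HH", EXT_RENEG_INFO, len(ext_body)) + ext_body
        hello += struct.pack("!H", len(ext)) + ext
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def decode_openssl_version(num: int) -> str:
    """Decode OPENSSL_VERSION_NUMBER in the 0xMNNFFPPS layout used by 0.9.x to 1.1.x.

    M = major, NN = minor, FF = fix, PP = patch letter (1 = 'a'), S = status nibble.
    """
    major = (num >> 28) & 0xF
    minor = (num >> 20) & 0xFF
    fix = (num >> 12) & 0xFF
    patch = (num >> 4) & 0xFF
    suffix = chr(ord("a") + patch - 1) if patch else ""
    return f"{major}.{minor}.{fix}{suffix}"


if __name__ == "__main__":
    # Constructed sample: a hello without SCSV, as the original poster observed
    without = parse_client_hello(build_client_hello([0xC02F, 0x002F, 0x000A]))
    print("suites:", [hex(s) for s in without["cipher_suites"]],
          "RFC 5746 signalled:", secure_renegotiation_signalled(without))
    # Constructed sample: the same hello with the SCSV appended, as 1.0.x libssl does
    with_scsv = parse_client_hello(build_client_hello([0xC02F, 0x002F, 0x000A], include_scsv=True))
    print("suites:", [hex(s) for s in with_scsv["cipher_suites"]],
          "RFC 5746 signalled:", secure_renegotiation_signalled(with_scsv))
    print("OPENSSL_VERSION_NUMBER 0x100020af ->", decode_openssl_version(0x100020af))
```

Feed `parse_client_hello` the raw record bytes of the first packet the Perl script sends (the TLS record starting at 0x16), and compare the decoded version of the hex from the `OPENSSL_VERSION_NUMBER()` one-liner with the output of `openssl version`: if the two differ, Net::SSLeay is linked against a different libssl than the command-line binary, which is the mismatch suspected above.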