[Python-Dev] which SSL client protocols work with which server protocols?
Bill Janssen
janssen at parc.com
Mon Sep 10 19:30:54 CEST 2007
> I've now built a framework in test_ssl to test all client protocols
> (SSL2, SSL3, SSL23, TLS1) against all server protocols, and here's
> what I've come up with. Servers are along the X axis, and clients are
> on the Y axis. "Yes" means that that client protocol can talk to that
> server protocol.
>
> SSL2 SSL3 SS23 TLS1
> SSL2 yes no no no
> SSL3 yes yes yes no
> SSL23 no no yes no
> TLS1 no no yes yes
>
> I'm a bit surprised by the facts that (1) an SSL2 client can't connect
> to an SSL23 server, and (2) an SSL23 client can *only* connect to an
> SSL23 server. Can anyone verify that these combos (the results of
> testing with the Python framework) are indeed to be expected?
Sure enough, in testing on my FC7 platform, which has a more modern
version of OpenSSL (0.9.8e instead of the older 0.9.7l platform I was
using), an SSL2 client *can* connect to an SSL23 server. And I got
one of the above entries wrong: an SSL23 client can connect to an SSL2
server.
I guess in the test harness, I'll just note the discrepancy, but not
fail the test either way. And I'll add a note to the documentation.
Bill
More information about the Python-Dev
mailing list