[Python-Dev] which SSL client protocols work with which server protocols?

Bill Janssen janssen at parc.com
Mon Sep 10 19:30:54 CEST 2007


> I've now built a framework in test_ssl to test all client protocols
> (SSL2, SSL3, SSL23, TLS1) against all server protocols, and here's
> what I've come up with.  Servers are along the X axis, and clients are
> on the Y axis.  "Yes" means that that client protocol can talk to that
> server protocol.
> 
> 	SSL2	SSL3	SSL23	TLS1
> SSL2	yes	no	no	no
> SSL3	yes	yes	yes	no
> SSL23	no	no	yes	no
> TLS1	no	no	yes	yes
> 
> I'm a bit surprised by the facts that (1) an SSL2 client can't connect
> to an SSL23 server, and (2) an SSL23 client can *only* connect to an
> SSL23 server.  Can anyone verify that these combos (the results of
> testing with the Python framework) are indeed to be expected?

Sure enough, in testing on my FC7 platform, which has a more modern
version of OpenSSL (0.9.8e instead of the older 0.9.7l platform I was
using), an SSL2 client *can* connect to an SSL23 server.  And I got
one of the above entries wrong: an SSL23 client can connect to an SSL2
server.

I guess in the test harness, I'll just note the discrepancy, but not
fail the test either way.  And I'll add a note to the documentation.

Bill

