Topic: TLS 1.2 support
I tested CyaSSL's TLS 1.2 server implementation via Internet Explorer 9 and Opera (TLS 1.2 enabled in both). It works fine with Opera, but not IE. Has anyone tested CyaSSL's TLS 1.2 with IE? Should it work?
Specifically, I tested the CyaSSL server.exe sample under Win 7, making small changes to prevent requests for client certs and wrap the "fa shizzle" message with a valid HTTP/HTML response.
// SSL_CTX_set_verify(ctx,SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT,0);
SSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, 0);
I build and run server.exe, then go to https://localhost:11111. In Opera, this works fine: I see the "fa shizzle" message in the browser window. In IE, however, I get only a failed connection. Debug output from CyaSSL (below) seems to indicate the IE terminated the handshake. Any explanations or suggestions appreciated -- thanks.
CyaSSL Entering CYASSL_CTX_new
CyaSSL Leaving CYASSL_CTX_new, return 0
CyaSSL Entering SSL_CTX_set_verify
CyaSSL Entering SSL_CTX_set_default_passwd_cb
CyaSSL Entering SSL_CTX_load_verify_locations
Getting dynamic buffer
Processing CA PEM file
Adding a CA
Parsed new CA
Freeing Parsed CA
Freeing der CA
OK Freeing der CA
CyaSSL Leaving AddCA, return 0
Processed a CA
CyaSSL Entering SSL_CTX_use_certificate_chain_file
Getting dynamic buffer
Growing Tmp Chain Buffer
Processing Cert Chain
Consumed another Cert in Chain
Finished Processing Cert Chain
CyaSSL Entering SSL_CTX_use_PrivateKey_file
CyaSSL Entering SSL_new
CyaSSL Leaving SSL_new, return 0
CyaSSL Entering SSL_set_fd
CyaSSL Leaving SSL_set_fd, return 1
CyaSSL Entering CyaSSL_SetTmpDH
CyaSSL Leaving CyaSSL_SetTmpDH, return 0
CyaSSL Entering SSL_accept()
received record layer msg
CyaSSL Entering DoHandShakeMsg()
processing client hello
CyaSSL Leaving DoHandShakeMsg(), return 0
accept state ACCEPT_CLIENT_HELLO_DONE
accept state HELLO_VERIFY_SENT
accept state ACCEPT_FIRST_REPLY_DONE
accept state SERVER_HELLO_SENT
growing output buffer
Shrinking output buffer
accept state CERT_SENT
accept state KEY_EXCHANGE_SENT
accept state CERT_REQ_SENT
accept state SERVER_HELLO_DONE
Embed Receive error
Connection reset
CyaSSL error occured, error = -208
CyaSSL Entering SSL_get_error
CyaSSL Leaving SSL_get_error, return -208
CyaSSL Entering ERR_error_string
error = -208, error state on socket
yassl error: SSL_accept failed