Forum Discussion
Jeff_Williams_4
Nimbostratus
Hi afedden,
Thanks for the recommendation, however, I have been unable to test since I only have access to a partition and changes with roles on 11.5 mean that I am not longer able to edit SSL Client Profiles. And our main client running into issues has now been patched to ignore the erroneous extension.
Jeff
Jeff_Williams_4
Jun 30, 2014Nimbostratus
Out of interest, if you run the command:
openssl s_client -tls1 -tlsextdebug -state -debug -connect :443
With a version of openssl > 1.0.0, do you get the 'TLS server extension "elliptic curves"' line?
We only found it caused issues with certain versions of GNU TLS, so you may not see an issue. That said, it looks like the GNU TLS behaviour was correct.
We too had the issue with SSLv3 disappearing, so we added in ciphers as per http://support.f5.com/kb/en-us/solutions/public/15000/000/sol15022.html, then we hit this issue with the elliptic curves!