vk2705

It is a requirement of some customers. their browser behaves like that - by sending NTLS ciphers in TLS Hello, it indicates its ability to support both protocols. On Mon,...

Thank you for your reply! the requirement by our customer is that if the client browser sends TLS 1.2 ClientHello, our server should reply with GmSSL ServerHello (if client has...

i mean, to edit this: int SSL_connection_is_ntls(SSL *s, int is_server) On Mon, Jan 24, 2022 at 8:01 AM Vitaly ***@***.***> wrote: > Thank you for your reply! > the requirement...

I know that browser 360 does it... but BabaSSL s_server does not and then the national secret server will return to the normal national secret protocol when get such ClientHello....

I mean, that babaSSL s_server, as I see, does not switch to national secret protocol. I think https://gm.trustasia.com runs a different server software. On Mon, Jan 24, 2022 at 9:08...

Thank you, I am going to do it! On Mon, Jan 24, 2022 at 9:13 AM ***@***.*** ***@***.***> wrote: > > 是的，我刚看了下babassl的代码，是直接判断的版本号，可以修改下SSL_connection_is_ntls的代码，将目前的只判断版本号，不是0x0101的就直接返回false修改为当版本号不是0x0101时，读取到完整的ciphersuite列表，判断里边是否有0xe013和0xe053的套件再决定返回true/false。 > > — > Reply to this email...

unfortunately it did not work. it is not enough to modify SSL_connection_is_ntls(). Even if we force it to return 1, and the Hello is compatible with NTLS, the connection would...