Hiroshi Miura wrote:
The Evernote Windows client on Wine/OpenSSL 1.0.1/Ubuntu 12.04/12.10 cannot connect to its server. This is because the server only supports TLS1.0/SSL3.0, but the client asks for TLS1.1/1.2 and then the server returns that the session fails.
The wininet implementation in Microsoft Windows 7 has a behavior of retrying with TLS1.0 after TLS1.2 fails and it gets a FIN from the server.
This patch enables a fallback mechanism to SSLv3/TLSv1.
Here are the details of the behavior when patched. Attached is a capture made by 'ssldump -AH -i <interface>' when running the https://gist.github.com/3949057 test program, built into a binary by winemaker.
With the original, the connection fails here.
1 0.2624 (0.1304) S>C TCP FIN
With the fallback mechanism, wininet.dll tries to connect again with
ClientHello Version 3.1
and then succeeds in connecting.
-----------------------------------
New TCP connection #1: miurahr-note.local(54342) <-> www.evernote.com(443)
1 1  0.1319 (0.1319)  C>SV3.1(221)  Handshake
      ClientHello
        Version 3.2
        random[32]=
          50 87 fb 25 93 f9 4d c6 f2 14 87 70 0a 9f 5b 37
          b0 e2 ef 43 76 8c de 31 b9 a8 47 7e 74 6c 15 85
        cipher suites
        Unknown value 0xc014
        Unknown value 0xc00a
        Unknown value 0xc022
        Unknown value 0xc021
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA
        Unknown value 0x88
        Unknown value 0x87
        Unknown value 0xc00f
        Unknown value 0xc005
        TLS_RSA_WITH_AES_256_CBC_SHA
        Unknown value 0x84
        Unknown value 0xc012
        Unknown value 0xc008
        Unknown value 0xc01c
        Unknown value 0xc01b
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc00d
        Unknown value 0xc003
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc013
        Unknown value 0xc009
        Unknown value 0xc01f
        Unknown value 0xc01e
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        Unknown value 0x9a
        Unknown value 0x99
        Unknown value 0x45
        Unknown value 0x44
        Unknown value 0xc00e
        Unknown value 0xc004
        TLS_RSA_WITH_AES_128_CBC_SHA
        Unknown value 0x96
        Unknown value 0x41
        Unknown value 0xc011
        Unknown value 0xc007
        Unknown value 0xc00c
        Unknown value 0xc002
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_DHE_RSA_WITH_DES_CBC_SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
        TLS_RSA_EXPORT_WITH_RC4_40_MD5
        Unknown value 0xff
        compression methods
          unknown value
                  NULL
1    0.2624 (0.1304)  S>C  TCP FIN
1    0.2625 (0.0000)  C>S  TCP FIN

New TCP connection #2: miurahr-note.local(54343) <-> www.evernote.com(443)
2 1  0.1268 (0.1268)  C>SV3.1(221)  Handshake
      ClientHello
        Version 3.1
        random[32]=
          50 87 fb 25 65 48 ce a6 93 20 b4 d6 f6 d9 49 0d
          7b db 7a 93 3c 89 32 4d 4d 15 bc f2 dd ef 26 79
        cipher suites
        Unknown value 0xc014
        Unknown value 0xc00a
        Unknown value 0xc022
        Unknown value 0xc021
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA
        Unknown value 0x88
        Unknown value 0x87
        Unknown value 0xc00f
        Unknown value 0xc005
        TLS_RSA_WITH_AES_256_CBC_SHA
        Unknown value 0x84
        Unknown value 0xc012
        Unknown value 0xc008
        Unknown value 0xc01c
        Unknown value 0xc01b
        TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
        TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc00d
        Unknown value 0xc003
        TLS_RSA_WITH_3DES_EDE_CBC_SHA
        Unknown value 0xc013
        Unknown value 0xc009
        Unknown value 0xc01f
        Unknown value 0xc01e
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA
        Unknown value 0x9a
        Unknown value 0x99
        Unknown value 0x45
        Unknown value 0x44
        Unknown value 0xc00e
        Unknown value 0xc004
        TLS_RSA_WITH_AES_128_CBC_SHA
        Unknown value 0x96
        Unknown value 0x41
        Unknown value 0xc011
        Unknown value 0xc007
        Unknown value 0xc00c
        Unknown value 0xc002
        TLS_RSA_WITH_RC4_128_SHA
        TLS_RSA_WITH_RC4_128_MD5
        TLS_DHE_RSA_WITH_DES_CBC_SHA
        TLS_DHE_DSS_WITH_DES_CBC_SHA
        TLS_RSA_WITH_DES_CBC_SHA
        TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_DES40_CBC_SHA
        TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
        TLS_RSA_EXPORT_WITH_RC4_40_MD5
        Unknown value 0xff
        compression methods
          unknown value
                  NULL
2 2  0.8834 (0.7566)  S>CV3.1(74)  Handshake
      ServerHello
        Version 3.1
        random[32]=
          50 87 fb 29 9f 05 e2 82 c0 97 fd a3 d7 0d bd 67
          d2 a6 42 47 24 e5 d1 c0 d2 e3 42 d5 23 23 00 b0
        session_id[32]=
          50 87 fb 29 9f 05 e2 82 c0 97 fd a3 d7 0d bd 67
          d2 a6 42 47 24 e5 d1 c0 d2 e3 42 d5 23 23 00 b0
        cipherSuite         TLS_RSA_WITH_AES_256_CBC_SHA
        compressionMethod                   NULL
2 3  1.0231 (0.1396)  S>CV3.1(2953)  Handshake
      Certificate
        certificate[1356]=
          30 82 05 48 30 82 04 30 a0 03 02 01 02 02 10 5d
          a1 43 88 66 ca 05 04 e1 4f 00 b4 71 30 67 fe 30
          <SNIP>
          cc a2 9a f1 6e e8 cf 8e d1 1a 3c 5e 19 c5 d7 9b
          35 b0 02 23 24 e5 05 b8 d5 88 e3 e0 fa b9 f4 5f
2 4  1.0231 (0.0000)  S>CV3.1(4)  Handshake
      ServerHelloDone
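
The retry sequence visible in the capture above, as an added example (not part of the original message and not the Wine patch itself): it reads client_version out of a ClientHello record and models the reconnect-at-a-lower-version loop. The sample bytes, the server model and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Versions as ssldump prints them: 3.1 = TLS 1.0, 3.2 = TLS 1.1. */
#define TLS1_0 0x0301
#define TLS1_1 0x0302

/* Constructed sample: the first 11 bytes of a ClientHello record shaped
   like "C>SV3.1(221) Handshake ClientHello Version 3.2" in the capture. */
static const uint8_t sample_hello[] = {
    0x16,             /* content type: handshake */
    0x03, 0x01,       /* record-layer version 3.1 */
    0x00, 0xdd,       /* record length 221 */
    0x01,             /* handshake type: ClientHello */
    0x00, 0x00, 0xd9, /* handshake length 217 */
    0x03, 0x02        /* client_version 3.2 */
};

/* Return client_version from a ClientHello record, or 0 if malformed. */
uint16_t hello_client_version(const uint8_t *p, size_t n)
{
    if (n < 11 || p[0] != 0x16 || p[5] != 0x01)
        return 0;
    return (uint16_t)(p[9] << 8 | p[10]);
}

/* Assumed model of the version-intolerant server: it closes the connection
   (returns 0) when client_version is above its maximum. */
static uint16_t intolerant_server(uint16_t client_version, uint16_t server_max)
{
    return client_version > server_max ? 0 : client_version;
}

/* Offer each version, highest first, on a fresh connection per attempt.
   Returns the agreed version or 0; *attempts counts connections made. */
uint16_t connect_with_fallback(uint16_t server_max, int *attempts)
{
    static const uint16_t offers[] = { TLS1_1, TLS1_0 };
    *attempts = 0;
    for (size_t i = 0; i < sizeof offers / sizeof offers[0]; i++) {
        (*attempts)++;
        uint16_t got = intolerant_server(offers[i], server_max);
        if (got)
            return got; /* handshake continues at this version */
    }
    return 0;
}

int main(void) { int n; return connect_with_fallback(TLS1_0, &n) ? 0 : 1; }
```

The loop retries after any connection failure, not only genuine version intolerance, so a dropped first connection also ends at 3.1; TLS_FALLBACK_SCSV (RFC 7507) was later defined so that servers can recognise such retries.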