This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

SSL handshake fails when TLS V1.2 is used but passes in SSLv3

Hello, When a SSL Handshake is made using SSLV3 protocol, the handshake passes and data is transmitted successfully. When I change the protocol to TLSV1.2, the handshake fails. To make it work, I used a different server certificate and the TLS V1.2 handshake passes. The difference between the certificate is that, the earlier certificate had non ascii characters in the Issuer DN which were encoded in BMPString. The new certificate I use does not have special characters in Issuer DN.

Can anybody of you provide me a clue as to what could be wrong here?

ssl_connection

asked 20 Jun '14, 00:36

priya
11●1●1●2
accept rate: 0%

One Answer:

The difference between the certificate is that, the earlier certificate had non ascii characters in the Issuer DN which were encoded in BMPString.

Sounds like a problem in your clients TLS1.2 implementation that does not like a BMPstring in the issuer DN.

Some questions about your client

OS and OS version
Client software and version

BTW: There has been a similar question recently, also related to BMPstring encoded characters in the issuer DN:

http://ask.wireshark.org/questions/33236/ssl-handshake-failure-when-using-a-certificate-that-contains-non-ascii-characters-in-issuer-dn

Regards
Kurt

answered 21 Jun '14, 17:21

Kurt Knochner ♦
24.8k●10●39●237
accept rate: 15%