Like the bug says:
openssl s_client -connect soap.example.org:443
fails because "Secure Renegotiation IS NOT supported"
but I can connect with:
openssl s_client -tls1 -connect soap.example.org:443
Unfortunately, this doesn't help me at all. I have a PHP script using SoapClient, and although I found several suggestions for forcing tls1 when using SoapClient, none of them work.
Seems to me that what is really needed is some way to force the use of a specific protocol per server, rather than relying on renegotiation, which can obviously be disabled. Sure, you might argue that the server itself is the problem (I don't necessarily disagree), but in the real world, we have to have some way of working around it... which currently, I don't.
It would be awesome if, in openssl.cnf, we could say something like:
[connection_opts]
server=soap.example.org
protocol=tls1
Of course, I'd be happy if PHP had a way to do this within SoapClient... but something like that in openssl would fix this issue for everyone.