Re^2: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?


Perl Monk, Perl Meditation
	PerlMonks

Re^2: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?

by bennetthaselton (Novice)

on May 23, 2018 at 16:49 UTC ( [id://1215108]=note: print w/replies, xml )

Need Help??

in reply to Re: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?
in thread if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?

OK yes I get the same results as you do, so that's a repro without using Perl.

I've heard that "TLS uses SSL certificates" (e.g. https://learntomato.com/what-is-a-vpn/ ). Although I'm not clear on the mechanics, is that what's going on -- TLS is a different protocol but it uses the public/private keys baked into SSLv3 certificates, and when the debug messages refer to "SSLv3", that's what they're referring to?

Comment on Re^2: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake?

Replies are listed 'Best First'.
Re^3: if SSLv3 is disabled, why does LWP::UserAgent request indicate successful SSLv3 handshake? by rizzo (Curate) on May 24, 2018 at 15:09 UTC
As far as I know, they're using the same cipher suites. Why the debug messages refer to SSlv3 although TLS is used for the connection, no clue, sorry.	[reply]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://1215108]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others romping around the Monastery: (4)

As of 2024-04-19 01:17 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found