V
Veeraragavan
Guest
For my project purpose we have to send https request from C# .NET client by using HttpWebRequest.
Server side SSL3.0 has been selected. In our .NEt Client side TLS1.2 and SSL3.0 has been selected.
During SSL handshake server sending ServerHello with SSL3.0. But our .NET Client side instead of accepting the SSL 3.0, it sends a "protocol_version" alert message and close the connection.
So based on the result i suspects, .NET client closing the connection to avoid the Poodle(Version Rollback attack) vulnerability.
But i am unable to find out the references to conclude the behaviour of my .NET client is correct or wrong.
Continue reading...
Server side SSL3.0 has been selected. In our .NEt Client side TLS1.2 and SSL3.0 has been selected.
During SSL handshake server sending ServerHello with SSL3.0. But our .NET Client side instead of accepting the SSL 3.0, it sends a "protocol_version" alert message and close the connection.
So based on the result i suspects, .NET client closing the connection to avoid the Poodle(Version Rollback attack) vulnerability.
But i am unable to find out the references to conclude the behaviour of my .NET client is correct or wrong.
Continue reading...