From mboxrd@z Thu Jan 1 00:00:00 1970 Message-ID: From: "Steve Simon" Date: Tue, 15 Nov 2016 16:22:02 +0000 To: 9fans@9fans.net In-Reply-To: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit Subject: Re: [9fans] tls 1.2 Topicbox-Message-UUID: aadff2e6-ead9-11e9-9d60-3106f5b1d025 > The libsec-chacha.diff patch is not useful, since it's not used yet. I suspected as much but thought it wouldn't hurt. > Does it works when you connect to https://9p.io/? > This machine have the same patches applied. yes, this works fine. I am trying to connect to davmail - an exchange / imap+smtp gateway, hosted on windows so I am talking to a windows tls implementation which may well be the cause of my frustration. There is a very suspicious block of code: if((tr->handin == 0) && (header[0] & 0x80)){ if(tr->debug)pprint("weird MS header\n"); /* Cope with an SSL3 ClientHello expressed in SSL2 record format. This is sent by some clients that we must interoperate with, such as Java's JSSE and Microsoft's Internet Explorer. */ len = (get16(header) & ~0x8000) - 3; type = header[2]; ver = get16(header + 3); if(type != SSL2ClientHello || len < 22) rcvError(tr, EProtocolVersion, "invalid initial SSL2-like message"); }else{ /* normal SSL3 record format */ if(tr->debug)pprint("normal SSL3 header\n"); type = header[0]; ver = get16(header+1); len = get16(header+3); } Though I have tried looking at the contents of this buffer in case it has subtly changed and it bears no relation to this case so maybe thats a red herring (false lead to non British people). -Steve