#30 problem with libtls, IE7, using SSL3 only

[Rusty Brooks]

I am having kind of an odd problem with libtls, and I was hoping you
could help me puzzle it out, or point me to someone who can.

The problem is, if I configure libtls with -ssl3 1 -ssl2 0 -tls1 0 That is, with only ssl3 supported.

In IE7, if I set it to use SSL2, SSL3 or TLS (that is, check all 3 boxes), then it appears that IE7 tries to do the handshake with SSL2. This seems like a normal thing to do, like you can do the handshake in SSL2 even if you don't want to support it for encryption.

But, since SSL2 is totally off, this fails and I get an error like handshake failed: wrong version number, NONE, handshake failed: wrong version number

Now, our client is insistent about keeping SSL3 only.

Is there any solution? I am not an accomplished C programmer and I have only cursory knowledge of how the openssl calls work. Is there some change I can make, to have it allow SSL2 handshakes but not SSL2 encryption?

(For context, I am using tls within tclHttpd)

Everything works fine in IE6 and firefox, just does not work in IE7 with both SSL2 and SSL3 selected.