> [k...@roeckx.be - Sun Mar 18 01:03:05 2012]: > > On Sun, Mar 18, 2012 at 12:49:35AM +0100, Kurt Roeckx via RT wrote: > > I can confirm that removing the "no-ssl2" part gets me a TLS > > instead of SSLv3 connection. > > The problem seems to be this code in s_client.c: > #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) > meth=SSLv23_client_method(); > #elif !defined(OPENSSL_NO_SSL3) > meth=SSLv3_client_method(); > #elif !defined(OPENSSL_NO_SSL2) > meth=SSLv2_client_method(); > #endif > > SSLv23_client_method still exist when OPENSSL_NO_SSL2 is defined. > There is no reason to use SSLv3_client_method() there. Using > SSLv23_client_method when build using no-ssl2 does seem to work > as expected. >
Yes, that's the problem. I'd guess that logic has been unchanged since ancient versions of SSLeay which didn't support TLS at all. It should use SSLv23_client_method unconditionally and a similar fix applied to s_server.c too. I'll commit that. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org