Hi Steve,

Is it still disabled by default? In build 1.0.1-stable-SNAP-20111028, I do not 
see that line in ssl/ssl_lib.c as you mentioned, meaning enabled by default 
going forward?

Thanks,
-binlu

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] 
On Behalf Of Dr. Stephen Henson
Sent: Thursday, September 29, 2011 3:20 AM
To: openssl-users@openssl.org
Subject: Re: openssl-1.0.1-stable-SNAP-20110927

On Thu, Sep 29, 2011, Michael Haas wrote:

> Hello,
> 
> I tried to enable TLS1.1 + TLS1.2 on Apache 2.2.21 with
> openssl-1.0.1-stable-SNAP-20110927 but didn't succeed.
> TLS 1.1 is working as expected but TLS 1.2 is not. I don't get a
> connection with TLS1.2, tried IE9 and Opera.
> Should TLS 1.2 work already with openssl 1.0.1 or is only the
> implementation of TLS 1.1 finished?
> 
> I get the following error in the apache log with
> openssl s_client -tls1_2 -CAfile SSL_CA.pem -connect XXX.XXX.XXX.XXX:443
> SSL Library Error: 336151598 error:1409442E:SSL
> routines:SSL3_READ_BYTES:tlsv1 alert protocol version
> 

TLS v1.2 is disabled by default at present but can be reenabled at runtime or
with a minor change to OpenSSL.

In ssl/ssl_lib.c remove the line:

        ret->options |= SSL_OP_NO_TLSv1_2;

Or in the application call:

                SSL_CTX_clear_options(ctx, SSL_OP_NO_TLSv1_2);

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org