>From the IO::Socket::SSL POD: =item SSL_version
Sets the version of the SSL protocol used to transmit data. 'SSLv23' uses a handshake compatible with SSL2.0, SSL3.0 and TLS1.x, while 'SSLv2', 'SSLv3', 'TLSv1', 'TLSv1_1' or 'TLSv1_2' restrict handshake and protocol to the specified version. All values are case-insensitive. Instead of 'TLSv1_1' and 'TLSv1_2' one can also use 'TLSv11' and 'TLSv12'. Support for 'TLSv1_1' and 'TLSv1_2' requires recent versions of Net::SSLeay and openssl. Independent from the handshake format you can limit to set of accepted SSL versions by adding !version separated by ':'. The default SSL_version is 'SSLv23:!SSLv3:!SSLv2' which means, that the handshake format is compatible to SSL2.0 and higher, but that the successful handshake is limited to TLS1.0 and higher, that is no SSL2.0 or SSL3.0 because both of these versions have serious security issues and should not be used anymore. You can also use !TLSv1_1 and !TLSv1_2 to disable TLS versions 1.1 and 1.2 while still allowing TLS version 1.0. Setting the version instead to 'TLSv1' might break interaction with older clients, which need and SSL2.0 compatible handshake. On the other side some clients just close the connection when they receive a TLS version 1.1 request. In this case setting the version to 'SSLv23:!SSLv2:!SSLv3:!TLSv1_1:!TLSv1_2' might help. ===================== I think this helps (the first 4 lines). Thomas Von: Grayhat <gray...@gmx.net> An: assp-test@lists.sourceforge.net Datum: 22.12.2014 12:14 Betreff: Re: [Assp-test] Question about TLS :: On Mon, 22 Dec 2014 12:02:48 +0100 :: <titc.9433ab725d.of306905e4.80bd1da5-onc1257db6.003ae7d5-c1257db6.003ca...@thockar.com> :: Thomas Eckardt <thomas.ecka...@thockar.com> wrote: > Net::SSLeay C:\> ppm s Net-SSLeay 1: Net-SSLeay Perl extension for using OpenSSL (1.0.1j) Version: 1.66 Author: Maintained by Mike McCauley and Florian Ragwitz since November 2005 Repo: bribes.org CPAN: http://search.cpan.org/dist/Net-SSLeay-1.66/ Installed: 1.66 (site) Installed: 1.52 (perl) sounds like the installed version should support TLS1.1 and 1.2 but judging from the openssl tests I ran this doesn't seem to be the case; I wonder if that version difference between "site" and "perl" may be the source of the issue (not sure what it means) ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test DISCLAIMER: ******************************************************* This email and any files transmitted with it may be confidential, legally privileged and protected in law and are intended solely for the use of the individual to whom it is addressed. This email was multiple times scanned for viruses. There should be no known virus in this email! ******************************************************* ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ Assp-test mailing list Assp-test@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/assp-test
