On 19/05/15 17:49, Thorsten Glaser wrote: >> Matt Caswell wrote: > >>> This is not quite correct either. TLSv1_client_method() will force >>> TLS1.0 only. This is the correct approach: >>> >>> +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) >>> + ssl_ctx = SSL_CTX_new(TLS_client_method()); >>> +#else > > Indeed, but that method does not exist in older versions,
Which is why you have the test for OPENSSL_VERSION_NUMBER.

> whereas
> they *can* be built without SSLv2/SSLv3 support.

That does not make any difference. SSLv23_client_method() works perfectly well without SSLv2/SSLv3 support. The name is very misleading and confusing. It was named at a time when the only versions available were SSLv2 and SSLv3. Its purpose is to auto-negotiate the highest available version (including TLS1.0, TLS1.1 and TLS1.2).

The misleading name is the reason it has been renamed in the latest OpenSSL dev branch. TLS_client_method() does exactly the same thing as SSLv23_client_method() used to do - it's just the preferred name for it from version 1.1.0 onwards.

Not sure why my original post on this subject did not come through to lynx-dev (I am subscribed and posted with the same email address as I am subscribed as). Perhaps someone could forward this email to the list for me if it doesn't arrive by itself :-)

Thanks

Matt
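
Review bot: the `#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)` guard is also true under LibreSSL, which reports OPENSSL_VERSION_NUMBER as 0x20000000L, so a LibreSSL release that lacks TLS_client_method() would take this branch and fail to build. Consider adding `&& !defined(LIBRESSL_VERSION_NUMBER)` to the condition, or detecting the function at configure time instead of comparing version numbers. The `#else` branch is cut off in the quote; going by the discussion it should call SSLv23_client_method() rather than TLSv1_client_method(), and a one-line comment there saying that the name means "negotiate the highest available version" would save the next reader from the same confusion.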
