Hi, well the (too long) subject explains it very well. But here are the details.
I used the code from the book "Network Security with OpenSSL" to play around with SSL. The client code looks like:

    #include <openssl/ssl.h>

    /* CAFILE, CADIR, CIPHER_LIST, int_error() and verify_callback()
       are defined elsewhere in the example code. */
    SSL_CTX *setup_client_ctx(void)
    {
        SSL_CTX *ctx;

        ctx = SSL_CTX_new(SSLv23_method());
        if (SSL_CTX_load_verify_locations(ctx, CAFILE, CADIR) != 1)
            int_error("Error loading CA file and/or directory.");
        if (SSL_CTX_set_default_verify_paths(ctx) != 1)
            int_error("Error loading default CA file and/or directory.");
        SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, verify_callback);
        SSL_CTX_set_verify_depth(ctx, 4);
        /* Bug workarounds on, SSLv2 off */
        SSL_CTX_set_options(ctx, SSL_OP_ALL|SSL_OP_NO_SSLv2);
        if (SSL_CTX_set_cipher_list(ctx, CIPHER_LIST) != 1)
            int_error("Error setting cipher list (no valid ciphers)");
        return ctx;
    }

You see I use SSLv23_method() and later SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); to disable SSLv2 support. Is it normal that the "Client Hello" message is SSLv2 and later TLS is used? If I use SSLv3_method() everything works as expected.

I attached an Ethereal capture file (see frame 4). Maybe the Ethereal decoder makes a mistake here or maybe it is normal behaviour.

Thanks,
Thomas

--
TheTom <[EMAIL PROTECTED]>
fingerprint = F055 43E5 1F3C 4F4F 9182 CD59 DBC6 111A 8516 8DBF
sslv2.bin
Description: Binary data
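One way to check by hand what a decoder reports for such a frame, as an added example that is not part of the original post or the book's code: a classifier that tells an SSLv2-format ClientHello from an SSLv3/TLS record and reads the version the client offers inside it. The TLS 1.0 specification (RFC 2246, Appendix E) allows a hello in SSLv2 framing to offer version 3.x. All names and both byte samples below are constructed for illustration and are not taken from sslv2.bin.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Framing of the first message a client sends. */
enum hello_format { HELLO_UNKNOWN, HELLO_SSLV2_FORMAT, HELLO_V3_RECORD };
struct hello_info { enum hello_format format; uint8_t major, minor; };

/* Constructed sample: SSLv2-format CLIENT-HELLO offering version 3.1. */
static const uint8_t sample_v2_hello[] = {
    0x80, 0x1c, 0x01,              /* 2-byte header (MSB set, length 28), CLIENT-HELLO */
    0x03, 0x01,                    /* client version 3.1 (TLS 1.0) */
    0x00, 0x03, 0x00, 0x00, 0x00, 0x10, /* cipher, session-id, challenge lengths */
    0x00, 0x00, 0x0a,              /* one 3-byte cipher spec */
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 /* challenge */
};

/* Constructed sample: first 11 bytes of an SSLv3 record-format ClientHello. */
static const uint8_t sample_v3_prefix[] = {
    0x16, 0x03, 0x00, 0x00, 0x2d,  /* handshake record, version 3.0, length 45 */
    0x01, 0x00, 0x00, 0x29,        /* ClientHello, length 41 */
    0x03, 0x00                     /* client_version 3.0 */
};

/* Classify the start of a client's first flight and extract the offered
   version. Only the 2-byte SSLv2 header form is handled. */
struct hello_info classify_client_hello(const uint8_t *p, size_t len)
{
    struct hello_info r = { HELLO_UNKNOWN, 0, 0 };
    if (len >= 5 && (p[0] & 0x80) && p[2] == 0x01) {
        size_t body = ((size_t)(p[0] & 0x7f) << 8) | p[1];
        if (body >= 9) {           /* type + version + three 2-byte lengths */
            r.format = HELLO_SSLV2_FORMAT;
            r.major = p[3]; r.minor = p[4];
        }
    } else if (len >= 11 && p[0] == 0x16 && p[1] == 0x03 && p[5] == 0x01) {
        r.format = HELLO_V3_RECORD;
        r.major = p[9]; r.minor = p[10];
    }
    return r;
}

int main(void)
{
    struct hello_info a = classify_client_hello(sample_v2_hello, sizeof sample_v2_hello);
    struct hello_info b = classify_client_hello(sample_v3_prefix, sizeof sample_v3_prefix);
    printf("v2-format hello: %d, offers %d.%d\n", a.format == HELLO_SSLV2_FORMAT, a.major, a.minor);
    printf("v3 record hello: %d, offers %d.%d\n", b.format == HELLO_V3_RECORD, b.major, b.minor);
    return 0;
}
```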