On Wed, May 11, 2005 at 02:14:23PM +0200, Thomas Biege wrote: > You see I use SSLv23_method() and later SSL_CTX_set_options(ctx, SSL_OP_ALL > | SSL_OP_NO_SSLv2); to disable SSLv2 support. > > Is it normal that the "Client Hello" message is SSLv2 and later TLS is used?
Yes. In the past this used to be necessary because some SSL 3.0 implementations were confused by seeing TLS 1.0 records in the Client Hello. But now these issues should be history. A change of behaviour will be in the next versions of the following OpenSSL snapshots, located in directory <URL: ftp://ftp.openssl.org/snapshot;type=d/>: openssl-0.9.7-stable-SNAP-<date>.tar.gz (0.9.7 series) openssl-SNAP-<date>.tar.gz (0.9.8-dev) The 20050512 (and later) snapshots will have the change. Please test one of these and let us know about any problems. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager [EMAIL PROTECTED]
