There seems to be great confusion on which method to use to set up a
TLS/SSL connection and I guess most of that has to do with
history.  I would like to simplify things.

We currently seem to have methods for SSLv2, SSLv3, TLSv1
documented, and TLSv1_1 and TLSv1_2 undocumented, and then a
SSLv23 method.  At least some people seem to think that the SSLv23
method will only do SSLv2 and SSLv3.  There probably are also people
who think that the TLSv1 method will do TLS 1.1 and newer.

Then there are options like SSL_OP_NO_SSLv2 that can control what
protocols are actually supported.

I would like to replace all those with 1 (or 3) methods that don't
have a version in its name, like TLS_method() or SSL_method(),
and maybe make the SSLv23 methods a define to the new methods.

I would also like to get rid of SSL_OP_NO_SSLv2 and instead have a
way to specify the minimum and maximum supported version by those
methods, because that's really what people want to do as far as I
know.

Does this look like a good idea?


Kurt

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [email protected]
Automated List Manager                           [email protected]
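The interface proposed above, as an added example that is not Kurt's or OpenSSL's own code: Python's ssl module already has this shape (a version-flexible PROTOCOL_TLS_CLIENT/SERVER plus minimum_version/maximum_version), so the block builds a bounded context that way and, for contrast, works out the set of OP_NO_* flags the old style needs to express the same window. The function and table names are this example's own.

```python
import ssl
from ssl import TLSVersion

# Concrete protocol versions in order, each paired with the name of the
# legacy per-version exclusion flag (the SSL_OP_NO_* family, as exposed
# by Python's ssl module). SSLv2 has no TLSVersion member and is never
# inside a window, so it is handled separately below.
VERSION_FLAGS = [
    (TLSVersion.SSLv3,   "OP_NO_SSLv3"),
    (TLSVersion.TLSv1,   "OP_NO_TLSv1"),
    (TLSVersion.TLSv1_1, "OP_NO_TLSv1_1"),
    (TLSVersion.TLSv1_2, "OP_NO_TLSv1_2"),
    (TLSVersion.TLSv1_3, "OP_NO_TLSv1_3"),
]


def _concrete(version):
    # MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED are negative sentinels;
    # real versions are the 0x03xx wire values.
    return version >= TLSVersion.SSLv3


def make_tls_context(server_side, min_version=TLSVersion.TLSv1_2,
                     max_version=TLSVersion.MAXIMUM_SUPPORTED):
    """Version-flexible method plus explicit bounds: the analogue of a
    TLS_method() with no version in its name. Pinning min == max gives
    the single-version behaviour people wrongly expect from TLSv1_method."""
    if _concrete(min_version) and _concrete(max_version) and min_version > max_version:
        raise ValueError("minimum protocol version is above the maximum")
    purpose = ssl.PROTOCOL_TLS_SERVER if server_side else ssl.PROTOCOL_TLS_CLIENT
    ctx = ssl.SSLContext(purpose)        # client side also enables hostname checks
    ctx.minimum_version = min_version
    ctx.maximum_version = max_version
    return ctx


def legacy_no_flag_names(min_version, max_version):
    """Names of the OP_NO_* flags the old style needs for the same window;
    every version outside [min, max] has to be excluded one flag at a time."""
    names = ["OP_NO_SSLv2"]
    for version, name in VERSION_FLAGS:
        below = _concrete(min_version) and version < min_version
        above = _concrete(max_version) and version > max_version
        if below or above:
            names.append(name)
    return names


def legacy_no_flags(min_version, max_version):
    """The same window as an options bitmask, ready for ctx.options |= mask."""
    mask = 0
    for name in legacy_no_flag_names(min_version, max_version):
        mask |= getattr(ssl, name)
    return mask
```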
