[Copied to Lutz + openssl - looks like you set follow up there]
Hi,
Thanks for two good suggestions. Although I was using neither, they don't
change much:
- I am now using SSLv23_method and SSL_OP_ALL
- The connection fails unless SSL_OP_NO_SSLv3 is included (ie SSLv3 is
excluded)
- The error is now "No common cipher" (handshake B; no handshake A)
"No common cipher" suggests *very* strongly that I have an error in my
compilation/linking/library that is excluding some cipher suite. However,
when I list the available ciphers from within the code everything seems
correct and the same libraries work with SSLv2 (or rather, with SSLv3
disabled) and with other browsers.
I am checking the mod_ssl code - it is difficult to make direct comparisons
as it is arranged differently to my code (it is server only, while much of
my code is server/client generic), but I have not found any significant
differences yet.
Thanks again - for a while you made me very hopeful that I had a solution!
Cheers,
Andrew
At 06:10 PM 2/15/01 +0100, you wrote:
>Do you try to set SSL_OP_ALL as of
> http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html ?
>[...]
>Without checking the mod_ssl source, I would rather recommend you to use
>SSLv23_method and SSL_OP_NO_SSLv2 if you don't want to allow SSLv2.
>See
> http://www.openssl.org/docs/ssl/SSL_CTX_new.html
>I expect this second point to be your problem.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
