> > > What determines which SSL version is used? Is it the CTX object, > > a configuration setting, etc.? I've tried tracing the code on > > the OpenSSL side but it has me baffled even with a stack trace > > I'm having trouble understanding its path. I would appreciate > > any help you can give on the issue. > > It's controlled by three things, but the one that's probably important for > you is what '*_method' function you call to pass to SSL_CTX_new. You want > one of the TLS*_method calls. You probably have one of the SSLv*_method > calls now. >
Thank you for your help that is definitely a point in the right direction; however, it leaves me more baffled. I found the only SSL_CTX_new function that is in the code and it is being passed the TLSv1_method not an SSLv*_method which is what it should be according to your statement. So what else could cause it to call a different method? Is there an attribute of the SSL_CTX structure that I could display to see what version is going to be called that I could use to help trace the problem?