On Sun, Apr 18, 2010 at 07:09:09PM +0100, Luigi Auriemma wrote:

> I have noticed that a client ssl connection initialized with the
> classical SSLv23_method no longer works in OpenSSL 1.0.0.

Postfix TLS client SSL context is always created via:

    SSL_CTX *client_ctx = SSL_CTX_new(SSLv23_client_method());

The Postfix TLS client works with OpenSSL 1.0.0. Note, however, that
the Postfix TLS client also enables bug work-arounds via SSL_OP_ALL.

        SSL_CTX_set_options(client_ctx, SSL_OP_ALL);

This includes:

        SSL_OP_LEGACY_SERVER_CONNECT

which is needed to allow new clients to connect to old servers.

> Can you confirm this problem?

No, but perhaps you neglected to enable SSL_OP_LEGACY_SERVER_CONNECT,
which may be required in your case.

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
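
The option check discussed in this reply, as an added example that is not part of the original message and is not Postfix or OpenSSL project code. It uses Python's ssl module, which sets the same SSL_CTX option bits on the linked OpenSSL, to report whether SSL_OP_LEGACY_SERVER_CONNECT is part of this build's SSL_OP_ALL and to set or clear that one bit; the helper names and the numeric fallback 0x4 (the flag's value in OpenSSL's ssl.h) are assumptions of the example.

```python
import ssl

# SSL_OP_LEGACY_SERVER_CONNECT bit from OpenSSL's ssl.h. Python exports the
# name only from 3.12 on, so fall back to the numeric value (assumption).
LEGACY_SERVER_CONNECT = int(getattr(ssl, "OP_LEGACY_SERVER_CONNECT", 0x4))


def legacy_connect_enabled(ctx):
    """True if SSL_OP_LEGACY_SERVER_CONNECT is set on this context."""
    return bool(int(ctx.options) & LEGACY_SERVER_CONNECT)


def set_legacy_connect(ctx, enabled):
    """Set or clear only this one bit, leaving every other option untouched."""
    opts = int(ctx.options)
    if enabled:
        opts |= LEGACY_SERVER_CONNECT
    else:
        opts &= ~LEGACY_SERVER_CONNECT
    ctx.options = opts
    return legacy_connect_enabled(ctx)


def audit(ctx):
    """Report whether the bit is on, and whether OP_ALL would turn it on."""
    return {
        "openssl": ssl.OPENSSL_VERSION,
        # ssl.OP_ALL is derived from the linked library's SSL_OP_ALL
        "in_op_all": bool(int(ssl.OP_ALL) & LEGACY_SERVER_CONNECT),
        "enabled": legacy_connect_enabled(ctx),
    }


if __name__ == "__main__":
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    print("default:", audit(ctx))
    ctx.options |= ssl.OP_ALL          # what the reply does with SSL_OP_ALL
    print("OP_ALL :", audit(ctx))
    set_legacy_connect(ctx, False)     # keep other work-arounds, drop this one
    print("cleared:", audit(ctx))
```

Whether OP_ALL carries the bit depends on the OpenSSL build the interpreter is linked against, so the output differs between library versions.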
