Hello, I'm using OpenSSL 1.0.1c in my server application. This application can be configured to disallow accepting certain SSL/TLS protocols.
If only TLS1.2 shall be allowed, the application calls

    meth = (SSL_METHOD*) SSLv23_server_method();
    OpenSSLctx = SSL_CTX_new(meth);
    .....
    SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_SSLv2); // never use SSL2
    if (!allowed_ssl3)
        SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_SSLv3);
    if (!allowed_tls1)
        SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_TLSv1);
    if (!allowed_tls11)
        SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_TLSv1_1);
    if (!allowed_tls12)
        SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_TLSv1_2);
    ....

In the case where:

    allowed_ssl3 = allowed_tls1 = allowed_tls11 = FALSE
    and allowed_tls12 = TRUE

I'd expect that I cannot establish a TLS11 connection, but it does.

Same is true if only SSLv3 or TLSv10 is allowed.

Am I doing something wrong?

Regards
Gerhard Jahn
mailto:gerhard.j...@atos.net
Atos IT Solutions and Services GmbH