> Server side at least it would be theoretically possible: i.e. only choose a > ciphersuite if TLS v1.2 is negotiated. OpenSSL doesn't support this though.
I didn't think so, thanks. One possibility is to add a construct like proto?cipher to the colon-separated list. Any interest in a patch? -- Principal Security Engineer Akamai Technology Cambridge, MA ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org