On Sat, Jan 25, 2014 at 10:29:58AM +0530, Devchandra L Meetei wrote:
> What is the best way to support TLS1.2 procotol alone in an application
Do you really mean only TLSv1.2, or do you in fact want >= TLSv1.2,
so that when TLSV1.3 comes out the same code will also work with
TLSv1.3?
> currently it is done by creating protocol
> sslProtocolMethod = TLSv1_2_method();
> ctx = SSL_CTX_new(sslProtocolMethod);
This gives you exclusively TLSv1.2.
> options = SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 |SSL_OP_NO_SSLv2;
> options |= SSL_OP_NO_SSLv3;
>
> and used options to
> SSL_CTX_set_options(ctx, options);
This gives you >= TLSv1.2.
You can decide which is right for you.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
