On 25 February 2014 11:56, Leo <[email protected]> wrote:
> Take a look at this thread for an explanation why you end up with TLS v1.2:
>
> http://openssl.6102.n7.nabble.com/openssl-not-showing-any-TLS-1-1-chiper-suites-td36871.html
>
> I'm no SSL/TLS expert but in my opinion 'HIGH:!SSLv3:!SSLv2' is what you
> want.
>
> You can quickly test the effects using "openssl s_server" and this excellent tool (perl script): https://labs.portcullis.co.uk/tools/ssl-cipher-suite-enum/

The above cipher suite will result in a server which supports all SSL/TLS protocol versions available, *but* only TLSv1.2 will ever work because none of the other versions will have a cipher to select. I suspect this will not work well with contemporary browsers.

C.
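
An added illustration of the point made in the reply above (not part of the original thread): the second column of `openssl ciphers -v` is the protocol version that introduced a suite, so excluding every SSLv3-tagged suite leaves the older versions with nothing to negotiate. The function names are hypothetical and the sample listing is constructed in the `openssl ciphers -v` format.

```shell
#!/bin/sh
# Reads `openssl ciphers -v` output on stdin (name, protocol tag, Kx=, Au=, ...)
# and prints, per protocol version, how many listed suites that version can use.
# A suite tagged SSLv3 is usable by SSLv3, TLSv1, TLSv1.1 and TLSv1.2;
# a suite tagged TLSv1.2 is usable by TLSv1.2 only.
usable_by_protocol() {
    awk '
        BEGIN {
            n = split("SSLv3 TLSv1 TLSv1.1 TLSv1.2", proto, " ")
            for (i = 1; i <= n; i++) { rank[proto[i]] = i; count[proto[i]] = 0 }
        }
        # Skip blank lines and tags outside the four versions modelled here.
        NF >= 2 && ($2 in rank) {
            for (i = rank[$2]; i <= n; i++) count[proto[i]]++
        }
        END { for (i = 1; i <= n; i++) printf "%s %d\n", proto[i], count[proto[i]] }
    '
}

# Emulates the "!SSLv3" rule on a listing: drop every suite tagged SSLv3.
drop_sslv3_tagged() {
    awk '$2 != "SSLv3"'
}

# Constructed sample: a few lines in the format printed for the HIGH group.
sample_high() {
    cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
EOF
}

echo "HIGH (sample):"
sample_high | usable_by_protocol
echo "HIGH:!SSLv3 (sample):"
sample_high | drop_sslv3_tagged | usable_by_protocol
```

To check a real build, pipe `openssl ciphers -v 'HIGH:!SSLv3:!SSLv2'` into `usable_by_protocol` and look for versions reporting 0.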
