Hi,
So the code looks like:
if (0 == strcmp("sslv23", protocol))
{
verb ("V: using SSLv23_client_method()");
ctx = SSL_CTX_new(SSLv23_client_method());
} else if (0 == strcmp("sslv3", protocol))
{
verb ("V: using SSLv3_client_method()");
ctx = SSL_CTX_new(SSLv3_client_method());
} else if (0 == strcmp("tlsv1", protocol))
{
verb ("V: using TLSv1_client_method()");
ctx = SSL_CTX_new(TLSv1_client_method());
} else
die("Unsupported protocol `%s'", protocol);
And the documetation says:
.IP "\-P | \-\-protocol [sslv23|sslv3|tlsv1]"
Set protocol to use when communicating with server (default: 'tlsv1')
I suggest you only support the SSLv23_* method. It's the only
method supporting multiple protocol versions. If you want to be
able to control the version I suggest you use
SSL_(CTX_)set_options with something like SSL_OP_NO_SSLv3.
Kurt
