Re: [openssl-users] Working around servers requiring SSL 2/3 record layer, and using TLS 1.2?

2016-02-10 Thread Kurt Roeckx
On Wed, Feb 10, 2016 at 09:03:35PM -0500, Jeffrey Walton wrote:
> As far as I know, there are no constants for TLS 1.0 and 1.1, so we
> can't extend this in clients:
>
> const SSL_METHOD* method = SSLv23_method();
> ctx = SSL_CTX_new(method);
> ...
>
> const long flags =

Re: [openssl-users] Working around servers requiring SSL 2/3 record layer, and using TLS 1.2?

2016-02-10 Thread Viktor Dukhovni
> On Feb 10, 2016, at 9:28 PM, Jeffrey Walton wrote:
>
>> You should then disable unwanted protocols that are too weak. In master
>> use the new min/max version controls and avoid the SSL_OP_NO_
>> macros. In 1.0.x, use the macros to disable some contiguous set of protocol

Re: [openssl-users] Working around servers requiring SSL 2/3 record layer, and using TLS 1.2?

2016-02-10 Thread Viktor Dukhovni
> On Feb 10, 2016, at 9:03 PM, Jeffrey Walton wrote:
>
> How do we work around a server that seems to require SSLv23_method?

Don't think of this as a work-around. You SHOULD use the version-flexible method (renamed from SSLv23_method() to TLS_method() in master). You

[openssl-users] Working around servers requiring SSL 2/3 record layer, and using TLS 1.2?

2016-02-10 Thread Jeffrey Walton
How do we work around a server that seems to require SSLv23_method? That is, they accept the SSLv3 record layer and TLS 1.2 protocol, but they reject record layers and protocols that only specify TLS 1.2? As far as I know, there are no constants for TLS 1.0 and 1.1, so we can't extend this in

Re: [openssl-users] Working around servers requiring SSL 2/3 record layer, and using TLS 1.2?

2016-02-10 Thread Jeffrey Walton
>> How do we work around a server that seems to require SSLv23_method?
>
> Don't think of this as a work-around. You SHOULD use the version-flexible
> method (renamed from SSLv23_method() to TLS_method() in master).
>
> You should then disable unwanted protocols that are too weak. In master
>