Hello Angus,

thank you very much for your answer.

To be more precise:

* I used
  * v8.16
  * openssl 1.0.2d
* Tested with default OverbyteIcsSimpleSslCli1, nothing changed (ciphers, ssloptions)
* as server I used the command line tool of openssl
  "openssl s_server -tls1 -accept 443"
  to force only tls1

An automatic connection with "sslBestVer" aka "sslv23" could *not* be made.

To get it to work I have to change the settings of ssloptions (which is set to [] by default) to [sslOpt_NO_SSLv2].

I am not an SSL expert (!).
But is that the behaviour which has to be expected?
Is there an option which uses sslv2, v3, tls etc. to negotiate an appropriate protocol, so I do not have to negotiate it "manually"?

Thank you in advance once more
mgoeb

> The introduced version method "sslBestVer" does not support tls (cause it means
> sslv23). Would it be "nice", to support TLS too automatically?
sslBestVer and sslv23 do support TLS, I use them for all my applications.

I added sslBestVer in an attempt to break the misconception that it only meant
v2 and v3.

According to the release notes for changes between 1.0.2 and 1.1.0:

"Version negotiation has been rewritten. In particular SSLv23_method(),
SSLv23_client_method() and SSLv23_server_method() have been deprecated,
and turned into macros which simply call the new preferred function names
TLS_method(), TLS_client_method() and TLS_server_method(). All new code
should use the new names instead."

Note that OpenSSL 1.1.0 has not yet been released, this is a future change, to
use TLS_method instead which is documented as:

"A TLS/SSL connection established with these methods may understand the SSLv3,
TLSv1, TLSv1.1 and TLSv1.2 protocols."

> The destination server accepts only connection with the option "sslTLS_V1"

Maybe your SslOptions includes sslOpt_NO_TLSv1 or your cipher suite does not
include any old TLSv1 ciphers (very hard to tell).

The latest OverbyteIcsHttpsTst sample includes GUI options for all the different
methods and options, but does need an OpenSSL reset when you change them to
ensure the correct settings are used.

Angus




--
Martin Goebel - Prisma Computersysteme GmbH
