[openssl-users] Working around servers requiring SSL 2/3 record layer, and using TLS 1.2?
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Feb 11 02:14:10 UTC 2016
> On Feb 10, 2016, at 9:03 PM, Jeffrey Walton <noloader at gmail.com> wrote:
>
> How do we work around a server that seems to require SSLv23_method?
Don't think of this as a work-around. You SHOULD use the version-flexible
method (renamed from SSLv23_method() to TLS_method() in master).
You should then disable unwanted protocols that are too weak. In master
use the new min/max version controls and avoid the SSL_OP_NO_<some_version>
macros. In 1.0.x, use the macros to disable some contiguous set of protocol
versions starting at SSLv2.
--
Viktor.
More information about the openssl-users
mailing list