[openssl-dev] TLS session ticket extension problem when using the ssl23_client_hello method
Viktor Dukhovni
openssl-users at dukhovni.org
Thu Jul 23 13:40:08 UTC 2015
On Thu, Jul 23, 2015 at 01:19:24PM +0000, Ian McFadries (imcfadri) wrote:
> I have encountered a problem with EAP-FAST PACs when switching our
> implementation of OpenSSL from a context that supports TLSv1.0 only to a
> context that supports negotiation to the highest available TLS version.
Just call:
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3)
(just the no-v2 option suffices, but you should avoid v3 also).
Once SSLv2 is disabled, the client HELLO will again include
SSLv3/TLS extensions.
--
Viktor.
More information about the openssl-dev
mailing list