[openssl-dev] [openssl.org #3728] Question: does "sslv3" in log mean we're using SSLv3?
Matt Caswell via RT
rt at openssl.org
Thu Mar 5 16:58:10 UTC 2015
On Thu Mar 05 17:42:49 2015, richard.c.paterson at sas.com wrote:
> Apologies if this is the incorrect forum for this question.
>
> We’re
> seeing error messages like SSL3_READ_BYTES and
> SSL3_GET_SERVER_CERTIFICATE for some reason;
>
> -
> SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
>
> -
> SSL£_GET_BYTES:sslv3 alert handshake failure
>
> However, we believe
> that we have disabled the use of SSLv3. Does the presence of
> “SSL3_” in the logs indicate that we are still using SSLv3 and not
> TLS like we think?
No. These are just the names of internal functions. Originally written when it
was just a choice of ssl2 or ssl3 they were subsequently reused for TLS - but
the names have remained the same.
Matt
More information about the openssl-dev
mailing list