[openssl-dev] On SSLv23_method() drop and TLS_method() introduction
Gisle Vanem
gvanem at yahoo.no
Tue May 19 16:33:19 UTC 2015
Matt Caswell wrote:
> I just posted the following to lynx-dev:
I didn't get that post.
> The OP suggested this:
>
> +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
> + ssl_ctx = SSL_CTX_new(TLSv1_client_method());
> +#else
> ssl_ctx = SSL_CTX_new(SSLv23_client_method());
> +#endif
>
> This is not quite correct either. TLSv1_client_method() will force
> TLS1.0 only. This is the correct approach:
>
> +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
> + ssl_ctx = SSL_CTX_new(TLS_client_method());
> +#else
> ssl_ctx = SSL_CTX_new(SSLv23_client_method());
> +#endif
Okay, this was better. The command:
lynx https://www.ssllabs.com/ssltest/viewMyClient.html
now gives:
Protocol Features
Protocols
TLS 1.2 Yes
TLS 1.1 Yes*
TLS 1.0 Yes*
SSL 3 Yes*
SSL 2 No
--
--gv
More information about the openssl-dev
mailing list