[openssl-users] OPENSSL_VERSION_NUMBER and TLSv1_1 & TLSv1_2 supports
zosrothko at orange.fr
Thu Dec 10 09:30:49 UTC 2015
Le 08/12/2015 18:16, Jakob Bohm a écrit :
> On 07/12/2015 11:52, zosrothko wrote:
>> Hi Jacob
>> I saw that in ssl.h, the 'NO' particule means no support of as for
>> /* Don't use RFC4507 ticket extension */
>> # define SSL_OP_NO_TICKET 0x00004000L
>> What does mean the 'NO' in SSL_OP_NO_TLSv1_1? Should not be the test
>> reversed as below?
> The define is for a flag that can be passed to some other SSL functions
> to turn off the TLSv1_1 support during a single execution, hence the
> "NO" in its name.
> Because those flags are only defined in OpenSSL versions that include
> the thing to turn off (at least if not disabled when compiling OpenSSL
> itself), I suggested using the very existence of the flag definition
> as a way to determine if the thing is included in the OpenSSL version
> where the copy of "ssl.h" was taken from.
Thanks for your explanation which makes your proposal clearer for any
newcomer of OpenSSL
More information about the openssl-users