[openssl-users] Working around servers requiring SSL 2/3 record layer, and using TLS 1.2?

Jeffrey Walton noloader at gmail.com
Thu Feb 11 02:03:35 UTC 2016

How do we work around a server that seems to require SSLv23_method?
That is, they accept the SSLv3 record layer and TLS 1.2 protocol, but
they reject record layers and protocols that only specify TLS 1.2?

As far as I know, there are no constants for TLS 1.0 and 1.1, so we
can't extend this in clients:

    const SSL_METHOD* method = SSLv23_method();
    ctx = SSL_CTX_new(method);

    const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
    SSL_CTX_set_options(ctx, flags);

Thanks in advance.

More information about the openssl-users mailing list