[openssl-users] Working around servers requiring SSL 2/3 record layer, and using TLS 1.2?

Viktor Dukhovni openssl-users at dukhovni.org
Thu Feb 11 02:14:10 UTC 2016

> On Feb 10, 2016, at 9:03 PM, Jeffrey Walton <noloader at gmail.com> wrote:
> How do we work around a server that seems to require SSLv23_method?

Don't think of this as a work-around.  You SHOULD use the version-flexible
method (renamed from SSLv23_method() to TLS_method() in master).

You should then disable unwanted protocols that are too weak.  In master
use the new min/max version controls and avoid the SSL_OP_NO_<some_version>
macros.  In 1.0.x, use the macros to disable some contiguous set of protocol
versions starting at SSLv2.


More information about the openssl-users mailing list