[openssl-users] Working around servers requiring SSL 2/3 record layer, and using TLS 1.2?
Kurt Roeckx
kurt at roeckx.be
Thu Feb 11 07:20:06 UTC 2016
On Wed, Feb 10, 2016 at 09:03:35PM -0500, Jeffrey Walton wrote:
> As far as I know, there are no constants for TLS 1.0 and 1.1, so we
> can't extend this in clients:
>
> const SSL_METHOD* method = SSLv23_method();
> ctx = SSL_CTX_new(method);
> ...
>
> const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
> SSL_OP_NO_COMPRESSION;
> SSL_CTX_set_options(ctx, flags);
The constant for TLS 1.0, 1.1 and 1.2 exist too. But I don't
think they're all documented in the 1.0.2 branch.
# define SSL_OP_NO_SSLv2 0x01000000L
# define SSL_OP_NO_SSLv3 0x02000000L
# define SSL_OP_NO_TLSv1 0x04000000L
# define SSL_OP_NO_TLSv1_2 0x08000000L
# define SSL_OP_NO_TLSv1_1 0x10000000L
Kurt
More information about the openssl-users
mailing list