On Wed, Oct 29, 2014 at 2:43 AM, Yann Ylavic <ylavic....@gmail.com> wrote:
> Maybe we should introduce another protocol keyword, namely ANY, which
> would opt-in SSLv23 (SSLv2Hello), and not disable single protocol
> configuration in any case like in the patch proposed by Mikhail.

So that "SSLProtocol ANY -SSLv3" would still negotiate TLSv1.x only but would accept SSLv2Hello from client. Clients using a v2Hello won't send TLS extensions though (while the ServerHello should be TLSv1.0), so if this may solve compatibility issues, I'm not sure it is secure to use it (no full TLS/extensions handshake)...
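
The point about v2Hello carrying no TLS extensions, as an added example that is not part of the original message or of the httpd/mod_ssl code: a classifier for a client's first bytes that distinguishes an SSLv2-compatible ClientHello (RFC 5246 Appendix E.2) from a TLS-record ClientHello and reports whether an extensions block is present. The function names and the sample byte strings are constructed for illustration.

```python
import struct

def classify_client_hello(data: bytes) -> dict:
    """Classify the first bytes a client sends on a TLS port."""
    try:
        if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
            # SSLv2-compatible hello: 2-byte header with the high bit set,
            # msg_type 1, then the highest version the client offers.
            # This format has no field that could carry TLS extensions.
            return {"format": "v2hello", "offered": tuple(data[3:5]),
                    "extensions": False}
        if data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
            # TLS record (handshake) holding a ClientHello.
            hs_len = int.from_bytes(data[6:9], "big")
            body = data[9:9 + hs_len]
            pos = 2 + 32                                        # version + random
            pos += 1 + body[pos]                                # session_id
            pos += 2 + struct.unpack_from(">H", body, pos)[0]   # cipher_suites
            pos += 1 + body[pos]                                # compression
            # Bytes left after compression_methods are the extensions block.
            return {"format": "tls", "offered": tuple(body[0:2]),
                    "extensions": len(body) > pos}
    except (IndexError, struct.error):
        pass  # truncated input: fall through to "unknown"
    return {"format": "unknown", "offered": None, "extensions": False}

def build_tls_hello(extensions: bytes) -> bytes:
    """Constructed TLS 1.2 ClientHello offering one cipher suite (0x002f)."""
    body = (b"\x03\x03" + bytes(32) + b"\x00"
            + b"\x00\x02\x00\x2f" + b"\x01\x00" + extensions)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

# Constructed v2-compatible hello offering TLSv1.0 (3,1): one 3-byte cipher
# spec, empty session id, 16-byte challenge.
V2_BODY = (b"\x01\x03\x01" + struct.pack(">HHH", 3, 0, 16)
           + b"\x00\x00\x2f" + bytes(16))
SAMPLE_V2HELLO = struct.pack(">H", 0x8000 | len(V2_BODY)) + V2_BODY

# Constructed extensions block: renegotiation_info (0xff01) with empty data.
SAMPLE_EXT = b"\x00\x05\xff\x01\x00\x01\x00"

if __name__ == "__main__":
    for name, hello in [("v2hello", SAMPLE_V2HELLO),
                        ("tls, no extensions", build_tls_hello(b"")),
                        ("tls, with extensions", build_tls_hello(SAMPLE_EXT))]:
        print(name, classify_client_hello(hello))
```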