Re: [openssl.org #2765] openssl negotiates ECC ciphersuites in SSL 3.0

Kurt Roeckx via RT Sat, 17 Mar 2012 17:03:30 -0700

On Sun, Mar 18, 2012 at 12:49:35AM +0100, Kurt Roeckx via RT wrote:
> I can confirm that removing the "no-ssl2" part gets me a TLS
> instead of SSLv3 connection.


The problem seems to be this code in s_client.c:
#if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3)
        meth=SSLv23_client_method();
#elif !defined(OPENSSL_NO_SSL3)
        meth=SSLv3_client_method();
#elif !defined(OPENSSL_NO_SSL2)
        meth=SSLv2_client_method();
#endif

SSLv23_client_method still exist when OPENSSL_NO_SSL2 is defined.
There is no reason to use SSLv3_client_method() there.  Using
SSLv23_client_method when build using no-ssl2 does seem to work
as expected.


Kurt


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Re: [openssl.org #2765] openssl negotiates ECC ciphersuites in SSL 3.0

Reply via email to