That would introduce security issues such as the TLS renegotiation flaw.
Surely a better solution is to make servers that pretend to support TLS but
actually only support SSL3 die a horrible death?

Rich.


On 30 November 2014 at 20:18, Hubert Kario via RT <r...@openssl.org> wrote:

> Since some TLS1.0 servers are extension intolerant, it is necessary to
> not advertise any extensions to be able to connect to them.
>
> This patch implements command line options as well as SSL_CONF_cmd()
> options to disable sending TLS extensions completely.
>
> https://github.com/openssl/openssl/pull/198
>
> --
> Regards,
> Hubert Kario
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> Development Mailing List                       openssl-dev@openssl.org
> Automated List Manager                           majord...@openssl.org
>
