On Thu, Jul 23, 2015 at 01:19:24PM +0000, Ian McFadries (imcfadri) wrote:
> I have encountered a problem with EAP-FAST PACs when switching our
> implementation of OpenSSL from a context that supports TLSv1.0 only to a
> context that supports negotiation to the highest available TLS version.
Just call:
SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3)
(just the no-v2 option suffices, but you should avoid v3 also).
Once SSLv2 is disabled, the client HELLO will again include
SSLv3/TLS extensions.
--
Viktor.
_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
