The deprecation of the version-specific methods such as DTLSv1_client_method() has introduced a regression — the SSL_OP_CISCO_ANYCONNECT hack doesn't work with DTLS_client_method().
I'm looking into fixing that (in PR#1296 along with a test case and some fixes for various other regressions).

In doing so, I uncovered a slightly more generic question... If I am resuming a session with SSL_set_session(), and that previous session used a specific protocol... should we negotiate that *same* protocol again, effectively setting the minimum and maximum protocol versions to s->session->ssl_version?

Given that DTLS1_BAD_VER only *ever* needs to be used in a session resume, that would be a perfectly acceptable way to obtain it...

--
David Woodhouse                            Open Source Technology Centre
david.woodho...@intel.com                              Intel Corporation
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev