Hieu Nguyen <[EMAIL PROTECTED]> writes:
> I want to use SSLv23_method to create SSL_CTX for my client program. It
> worked OK if the server supports SSLv3 or TLS 1.0.
> However, if the server only supports SSLv2 (as one of our current servers)
> it seems that my program only negotiates SSLv3 and TLS 1.0.
> If that fails, it does not try to connect using SSLv2.
What server are you using?

When you use SSLv23_method(), the SSL client sends what's
called a "backwards compatible ClientHello". It's an SSLv2 client
hello with an SSLv3 version number. However, the SSLv2 standard
was ambiguous about how an implementation should behave when it
receives a hello with a higher version number than 2. Some
implementations reject such connections. My guess is that this
is what's happening here. It's a little hard to tell because 
you don't say how it fails.

You might try getting an ssldump trace to see what's going on on
the wire.

-Ekr


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
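
The hello formats discussed in the reply above, as an added example that is not part of the original message and is not OpenSSL code: it tells a pure SSLv2 hello, a backwards compatible hello and an SSLv3 record-format hello apart from the first bytes on the wire. The function names and sample bytes are constructed for illustration, and `strict_v2_server_accepts` is a hypothetical model of the rejecting behaviour the reply guesses at.

```python
import struct

VERSIONS = {0x0002: "SSLv2", 0x0300: "SSLv3", 0x0301: "TLS 1.0"}

def build_v2_format_hello(version, cipher_specs, challenge=bytes(16)):
    """Constructed sample: SSLv2-format CLIENT-HELLO advertising `version`."""
    specs = b"".join(cipher_specs)
    # msg type 1, version, cipher-spec length, session-id length (0), challenge length
    body = struct.pack(">BHHHH", 1, version, len(specs), 0, len(challenge))
    body += specs + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body  # 2-byte header, high bit set

def classify_client_hello(data):
    """Return (hello_format, advertised_version) for a client's first bytes."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 1:
        # SSLv2 record header followed by message type 1 (CLIENT-HELLO)
        length = ((data[0] & 0x7F) << 8) | data[1]
        if length < 9 or len(data) < 2 + length:
            raise ValueError("truncated SSLv2-format hello")
        version = struct.unpack(">H", data[3:5])[0]
        fmt = "SSLv2 hello" if version == 0x0002 else "backwards compatible hello"
        return fmt, VERSIONS.get(version, hex(version))
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 1:
        # SSLv3/TLS record (type 22, handshake) carrying handshake type 1
        version = struct.unpack(">H", data[9:11])[0]
        return "SSLv3/TLS record hello", VERSIONS.get(version, hex(version))
    raise ValueError("not a ClientHello")

def strict_v2_server_accepts(data):
    """Hypothetical model of an SSLv2-only server that rejects versions above 2."""
    fmt, _ = classify_client_hello(data)
    return fmt == "SSLv2 hello"

# Constructed samples (not captured traffic)
RC4_128_MD5 = bytes.fromhex("010080")   # SSLv2 cipher kind
RSA_3DES_SHA = bytes.fromhex("00000a")  # SSLv3 suite 0x000A in 3-byte v2 form
COMPAT_HELLO = build_v2_format_hello(0x0300, [RC4_128_MD5, RSA_3DES_SHA])
PURE_V2_HELLO = build_v2_format_hello(0x0002, [RC4_128_MD5])
V3_RECORD_HELLO = (bytes.fromhex("160300002d" "01000029" "0300") + bytes(32)
                   + bytes.fromhex("00" "0002000a" "0100"))

if __name__ == "__main__":
    for name, hello in [("compat", COMPAT_HELLO), ("pure v2", PURE_V2_HELLO),
                        ("v3 record", V3_RECORD_HELLO)]:
        print(name, classify_client_hello(hello), strict_v2_server_accepts(hello))
```

Running the same classification over the first client bytes in a capture shows which of the three hello formats the client actually sent.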
