Perhaps I'm getting confused with what's reported.
I just noticed that SSLv3 gets reported even when I specify TLS methods
on the client and server. ie.
"cipher spec=AES256-SHA SSLv3 Kx=RSA Au=RSA
Enc=AES(256) Mac=SHA1"
Is this "really" SSLv3 or is it TLS?
Kyle Hamilton wrote:
So why isn't there an SSLv3_TLSv1_server_methods()? At the moment,
TLS isn't enabled by default in most browsers (certainly not IE6,
except possibly on XPSP2), where SSLv3 is. I'd like to have the means
to have a TLS server that will fall back to SSLv3 if the client only
supports that protocol.
-Kyle H
On 2/14/06, Richard Koenning <[EMAIL PROTECTED]> wrote:
William A. Rowe, Jr. wrote:
TLSv1_server_methods() do not speak the crufty old SSLv2 garbage, you
can't connect to it using a multi-protocol handshake.
For maxiumum portability use SSLv23_server_methods()
On the client side it doesn't matter, if you want a TLSv1 connection
only, then by all means use TLSv1_client_methods().
Another possibility is to use SSLv23_client_method and restrict the
protocol usage with SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 |
SSL_OP_NO_SSLv3).
Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
