Hi Lutz,

Yes. We use sslv23_method with SSL_OP_NO_SSLv2 in SSL_CTX_set_options. In this case, how do I specify that both SSLv3 and TLSv1 are valid in my client hello? Is it specified in the cipher list? I use the cipher setting as "DEFAULT:@STRENGTH".

Thanks,
Ravi.

On 8/28/07, Lutz Jaenicke <[EMAIL PROTECTED]> wrote:
>
> ravi shankar wrote:
> > We have an SSL client and we are having issues while connecting to some
> > Oracle application servers which do not support TLS. By default, our
> > client tries TLS and the server sends an alert message for the client
> > hello instead of sending server hello. If we disable TLS and use
> > SSLV3, the connection goes fine.
> >
> > Is there any SSL_CTX option or API to tell that try TLS, if it does
> > not work, fallback to SSLV3? We do not want to completely disable TLS
> > by setting the option SSL_OP_NO_TLSv1 in SSL_CTX_set_options.
> I fully understand you correctly: you are using a sslv23_method() (with
> SSL_OP_NO_SSLv2 in SSL_CTX_set_options) to connect to a server and the
> handshake fails?
> This scenario should send an SSLv2 compatible client hello with SSLv3 and
> TLSv1 being offered as valid. The server should then choose TLSv1 as
> best possible option if supported and SSLv3 if TLSv1 is not available...
>
> Best regards,
> Lutz
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-users@openssl.org
> Automated List Manager [EMAIL PROTECTED]
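
The SSLv2-compatible client hello mentioned in the quoted reply can be checked in a packet capture. The parser below is an added example, not code from this thread or from OpenSSL; it assumes the V2ClientHello layout from RFC 2246 Appendix E, where the version field holds the highest version the client offers. The sample bytes are constructed and the name `offered_max_version` is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: v2-compatible hello offering up to TLSv1 (0x0301),
 * two cipher specs, empty session id, 16-byte challenge. */
static const uint8_t SAMPLE_HELLO[] = {
    0x80, 0x1f,             /* 2-byte header, high bit set, body = 31 */
    0x01,                   /* msg_type = CLIENT-HELLO */
    0x03, 0x01,             /* highest version offered: TLSv1 */
    0x00, 0x06,             /* cipher_spec_length */
    0x00, 0x00,             /* session_id_length */
    0x00, 0x10,             /* challenge_length */
    0x00, 0x00, 0x2f,       /* TLS_RSA_WITH_AES_128_CBC_SHA */
    0x00, 0x00, 0x0a,       /* TLS_RSA_WITH_3DES_EDE_CBC_SHA */
    1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16 /* challenge */
};

/* Returns the highest protocol version offered (0x0300 = SSLv3,
 * 0x0301 = TLSv1), or -1 if p is not a well-formed v2-compatible hello. */
int offered_max_version(const uint8_t *p, size_t len)
{
    if (len < 11 || !(p[0] & 0x80) || p[2] != 0x01)
        return -1;
    size_t body = ((size_t)(p[0] & 0x7f) << 8) | p[1];
    size_t cs   = ((size_t)p[5] << 8) | p[6];   /* cipher specs, 3 bytes each */
    size_t sid  = ((size_t)p[7] << 8) | p[8];
    size_t ch   = ((size_t)p[9] << 8) | p[10];
    if (body + 2 != len)        /* expect exactly one record in the buffer */
        return -1;
    if (cs == 0 || cs % 3 != 0)
        return -1;
    if (9 + cs + sid + ch != body)  /* 9 = type + version + three lengths */
        return -1;
    return (p[3] << 8) | p[4];
}

int main(void)
{
    int v = offered_max_version(SAMPLE_HELLO, sizeof SAMPLE_HELLO);
    printf("offered max version: 0x%04x\n", (unsigned)v);
    return 0;
}
```

A first byte of 0x16 instead of 0x80 means the client sent a record-layer (SSLv3/TLS) hello, which this function rejects with -1.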