I have a weird case that I cannot properly explain. Using OpenSSL 1.0.1c for both client and server, I was testing various combinations of ciphers and protocol version requests.
Basically, the server uses SSLv23_server_method(). The client code uses SSLv23_client_method() and SSL_OP_NO_SSLv2 Then, if I have the following cipher list (which I have used for a long time) TLSv1+HIGH:!CAMELLIA:!SSLv2:RC4+MEDIUM:!MD5:!aNULL:!eNULL:@STRENGTH (same for client and server side) I always get a SSLv3 connection, regardless what client asks for. Changing the cipher list to (removing the TLSv1) HIGH:!CAMELLIA:!SSLv2:RC4+MEDIUM:!MD5:!aNULL:!eNULL:@STRENGTH I start getting TLS1.2 connections. Question is, in the first case, why dont I get a TLSv1 connection ? Furthermore, high strength ciphers from TLSv1 should still be usable for TLS 1.1 and 1.2, so why dont I get a TLS1.2 connection in the first case ? ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org