Hi Erik,

I noticed that I'm using version 1.0.1a in my app and version 1.0.1b for the s_client.
I have updated both to 1.0.1c and everything works fine now. Thanx.

Regards
Gerhard Jahn

________________________________
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Erik Tkal
Sent: Friday, August 31, 2012 10:01 PM
To: openssl-users@openssl.org
Subject: RE: SSL_CTX_set_options not working for SSL_OP_NO_TLSv1_1

Hi Gerhard,

I have been playing with those options myself and your scenario should work. Try using s_server -no_ssl2 -no_ssl3 -no_tls1 -no_tls1_1 in conjunction with s_client -tls1_1. This sets exactly the options you indicate and it fails to connect.

It's not clear from your code, but make sure you are setting those options on the SSL_CTX before you create an SSL session from that context.

Erik

....................................
Erik Tkal
Juniper OAC/UAC/Pulse Development

From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Jahn, Gerhard
Sent: Friday, August 31, 2012 5:33 AM
To: 'openssl-users@openssl.org'
Subject: SSL_CTX_set_options not working for SSL_OP_NO_TLSv1_1

Hello,

I'm using OpenSSL 1.0.1c in my Server application. This application can be configured to disallow accepting certain SSL/TLS protocols.
If only TLS1.2 shall be allowed, the application calls

    meth = (SSL_METHOD *) SSLv23_server_method();
    OpenSSLctx = SSL_CTX_new(meth);
    …..
    SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_SSLv2); // never use SSL2
    if (!allowed_ssl3) SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_SSLv3);
    if (!allowed_tls1) SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_TLSv1);
    if (!allowed_tls11) SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_TLSv1_1);
    if (!allowed_tls12) SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_TLSv1_2);
    ….

In the case where:
allowed_ssl3 = allowed_tls1 = allowed_tls11 = FALSE and allowed_tls12 = TRUE
I'd expect that I cannot establish a TLS11 connection, but it does.
Same is true if only SSLv3 or TLSv10 is allowed.

Am I doing something wrong?

Regards
Gerhard Jahn
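Added example, not code from this thread: a startup self-check covering the two points above, namely which OpenSSL release a program is really running and whether a protocol mask set on the SSL_CTX reaches the SSL objects created from it. The names ossl_version_str, ossl_same_release, ssl_inherits_mask and the WITH_OPENSSL macro are hypothetical, the two version numbers are constructed samples, and the decoder assumes the 1.x numbering (3.x uses a different layout). Build with plain cc for the decoder only, or with -DWITH_OPENSSL -lssl -lcrypto for the live check.

```c
#include <stdio.h>
#ifdef WITH_OPENSSL
#include <openssl/ssl.h>
#endif

/* Decode the pre-3.0 OPENSSL_VERSION_NUMBER layout 0xMNNFFPPS:
 * major, minor, fix, patch letter (1 = 'a'), status nibble. */
const char *ossl_version_str(unsigned long v, char *buf, size_t len)
{
    unsigned long patch = (v >> 4) & 0xff;
    int n = snprintf(buf, len, "%lu.%lu.%lu",
                     (v >> 28) & 0xf, (v >> 20) & 0xff, (v >> 12) & 0xff);
    if (patch >= 1 && patch <= 26 && n > 0 && (size_t)n + 1 < len) {
        buf[n] = (char)('a' + (int)patch - 1);
        buf[n + 1] = '\0';
    }
    return buf;
}

/* Nonzero when both numbers name the same release, patch letter included;
 * the status nibble (dev/beta/release) is ignored. */
int ossl_same_release(unsigned long a, unsigned long b) { return (a >> 4) == (b >> 4); }

#ifdef WITH_OPENSSL
/* 1 only if an SSL created from ctx carries every bit of mask. SSL_new()
 * copies the context options, so set them on the SSL_CTX before this point. */
int ssl_inherits_mask(SSL_CTX *ctx, unsigned long mask)
{
    SSL *ssl = SSL_new(ctx);
    int ok = ssl != NULL && (SSL_get_options(ssl) & mask) == mask;
    SSL_free(ssl);                      /* SSL_free(NULL) is a no-op */
    return ok;
}
#endif

int main(void)
{
    char a[16], b[16];
    unsigned long hdr = 0x1000101fUL, lib = 0x1000102fUL; /* constructed: 1.0.1a, 1.0.1b */
#ifdef WITH_OPENSSL
    unsigned long only12 = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
    SSL_library_init();
    SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
    if (ctx == NULL) return 2;
    SSL_CTX_set_options(ctx, only12);   /* before any SSL_new() on this ctx */
    printf("mask inherited by new SSL: %d\n", ssl_inherits_mask(ctx, only12));
    SSL_CTX_free(ctx);
    hdr = OPENSSL_VERSION_NUMBER; lib = SSLeay(); /* compiled-against vs loaded */
#endif
    printf("headers %s, library %s, same release: %d\n", ossl_version_str(hdr, a, sizeof a),
           ossl_version_str(lib, b, sizeof b), ossl_same_release(hdr, lib));
    return 0;
}
```

A "same release: 0" result is a prompt to check which library each program is linked against before debugging the option mask itself.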