> ... for >= TLSv1.2, protocol should be selected as SSLv23_method()?

Yes, but as Viktor pointed out, you also need:

options = SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 |SSL_OP_NO_SSLv2

Jeff

On Sat, Jan 25, 2014 at 10:40 AM, Devchandra L Meetei <dlmee...@gmail.com> wrote:

> Just one more thing, for >= TLSv1.2,
>
> Protocol should be selected as SSLv23_method()?
>
>
> On Sat, Jan 25, 2014 at 8:33 PM, Devchandra L Meetei <dlmee...@gmail.com> wrote:
>
>> Aah, as you asked me correctly, would prefer the >TLSv1.2,
>> Thank you Viktor.
>>
>>
>> On Sat, Jan 25, 2014 at 10:53 AM, Viktor Dukhovni <
>> openssl-us...@dukhovni.org> wrote:
>>
>>> On Sat, Jan 25, 2014 at 10:29:58AM +0530, Devchandra L Meetei wrote:
>>>
>>> > What is the best way to support TLS1.2 protocol alone in an application
>>>
>>> Do you really mean only TLSv1.2, or do you in fact want >= TLSv1.2,
>>> so that when TLSv1.3 comes out the same code will also work with
>>> TLSv1.3?
>>>
>>> > currently it is done by creating protocol
>>> > sslProtocolMethod = TLSv1_2_method();
>>> >  ctx = SSL_CTX_new(sslProtocolMethod);
>>>
>>> This gives you exclusively TLSv1.2.
>>>
>>> >         options = SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 |SSL_OP_NO_SSLv2;
>>> >        options |= SSL_OP_NO_SSLv3;
>>> >
>>> > and used options to
>>> > SSL_CTX_set_options(ctx, options);
>>>
>>> This gives you >= TLSv1.2.
>>>
>>> You can decide which is right for you.
>>>
>>
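
An added example, not part of the thread or of OpenSSL: Python's `ssl` module exposes the same `SSL_OP_NO_*` bits, so the code below decodes which protocol versions each mask quoted in the thread leaves enabled, and applies the fuller mask to a version-flexible context. The helper names, the two `MASK_*` constants and the use of the Python binding are choices made for this illustration.

```python
import ssl
import warnings

# (protocol name, bit that disables it), oldest first. SSLv2 is left out:
# its bit is 0 on OpenSSL 1.1.0 and later, where SSLv2 no longer exists.
VERSION_BITS = [
    ("SSLv3", ssl.OP_NO_SSLv3),
    ("TLSv1", ssl.OP_NO_TLSv1),
    ("TLSv1.1", ssl.OP_NO_TLSv1_1),
    ("TLSv1.2", ssl.OP_NO_TLSv1_2),
    ("TLSv1.3", ssl.OP_NO_TLSv1_3),
]
ORDER = [name for name, _ in VERSION_BITS]

# The two masks as they appear in the thread (names are illustrative).
MASK_REPLY = ssl.OP_NO_TLSv1 | ssl.OP_NO_TLSv1_1 | ssl.OP_NO_SSLv2
MASK_QUESTION = MASK_REPLY | ssl.OP_NO_SSLv3


def enabled_versions(options):
    """Protocol versions whose SSL_OP_NO_* bit is clear in `options`."""
    return [name for name, bit in VERSION_BITS if not options & bit]


def below_floor(options, floor="TLSv1.2"):
    """Versions older than `floor` that `options` does not switch off."""
    limit = ORDER.index(floor)
    return [v for v in enabled_versions(options) if ORDER.index(v) < limit]


def floor_context(mask=MASK_QUESTION):
    """Version-flexible context (as SSLv23_method() is in C) plus the mask."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    with warnings.catch_warnings():
        # Recent Python versions flag the OP_NO_* bits as deprecated.
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.options |= mask
    return ctx


if __name__ == "__main__":
    print("reply mask leaves on:   ", enabled_versions(MASK_REPLY))
    print("question mask leaves on:", enabled_versions(MASK_QUESTION))
    print("context permits:        ", enabled_versions(floor_context().options))
```

The mask in the reply at the top omits `SSL_OP_NO_SSLv3`, which the original question sets on a separate line, so `below_floor` reports SSLv3 for it. Neither mask sets the TLSv1.3 bit, which is why the masked context keeps working with TLSv1.3.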
