On 24/10/2014 15:53, Pradeep Gudepu wrote:
To my earlier code, I have added these extra flags for client:

SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

And server also has these same flags set, so that there is no way the client and server can 
communicate on SSLv2 or SSLv3.

But again in logs I see SSL3 is negotiated:

[2014-10-24 18:00:17.063, Info      <     proxysrv:10684>] SSLConfig::Init: SSL initiated (OpenSSL 1.0.1j 15 Oct 2014 built on: Mon Oct 20 15:08:32 2014).
[2014-10-24 18:02:11.640, Info      <     proxysrv:10684>] SSLSocket::Callback: Handshake done: AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1

Does this really mean "SSLv3.0 protocol negotiated"?

Or does it just mean "SSLv3.x" (which includes TLSv1.x)?

Or perhaps "SSLv3 compatible cipher suite" (which also includes TLSv1.x)?

On server, I have these ciphers set:

::SSL_CTX_set_cipher_list(ctx, 
"ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM");

Is there something wrong with these ciphers? What is the best cipher argument for 
TLSv1-only communication? I think I need not set ciphers on the client side.

Thanks – Pradeep reddy.

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
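
Added example, not code from either poster or from OpenSSL: it parses the cipher description quoted in the log above and asks OpenSSL (through Python's `ssl` wrapper) to describe the same suite in a context that cannot negotiate SSLv2/SSLv3. The second field of that description string is an attribute of the cipher suite, so it still reads `SSLv3`; the negotiated protocol is reported separately by `SSL_get_version()`. The function names and the TLSv1.2 floor are assumptions made for this example.

```python
import ssl

# Cipher description copied from the "Handshake done" log line in the thread.
LOGGED = "AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1"


def parse_description(desc):
    """Split an SSL_CIPHER_description()-style string into named fields."""
    parts = desc.split()
    fields = {"name": parts[0], "suite_protocol": parts[1]}
    for item in parts[2:]:
        key, _, value = item.partition("=")
        fields[key] = value
    return fields


def tls_only_context(suite):
    """Client context that cannot negotiate SSLv2/SSLv3 (assumed floor: TLSv1.2)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(suite)  # raises ssl.SSLError if the suite is unavailable
    return ctx


def suite_description(ctx, suite):
    """Return OpenSSL's description of an enabled suite, or None."""
    for cipher in ctx.get_ciphers():
        if cipher["name"] == suite:
            return cipher["description"]
    return None


def compare(logged=LOGGED):
    """Parse the logged line and the same suite from a TLS-only context."""
    from_log = parse_description(logged)
    name = from_log["name"]
    live = suite_description(tls_only_context(name), name)
    return from_log, (parse_description(live) if live else None)


if __name__ == "__main__":
    from_log, live = compare()
    print("logged field:", from_log["suite_protocol"])
    print("TLS-only ctx:", live["suite_protocol"] if live else "suite unavailable")
    # The negotiated protocol is a property of the connection, not the suite:
    # SSL_get_version(ssl) in C, SSLSocket.version() in Python.
```

To confirm what a handshake actually negotiated, log `SSL_get_version()` for the connection next to the cipher description.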
