* Pradeep Gudepu:
> if(server)
> //method = ::SSLv23_server_method();
> method = ::TLSv1_server_method();
> else
> //method = ::SSLv23_client_method();
> method = ::TLSv1_client_method();
This is wrong, it prevents the use of TLS 1.1 and TLS 1.2.
SSLv23_method etc. is the correct choice, but these functions are
named in a very misleading way.
> if(server)
> {
> ::SSL_CTX_set_options(ctx, (SSL_OP_NO_SSLv2 |
> SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION));
> ::SSL_CTX_set_cipher_list(ctx,
> "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM");
> }
You should do the above for both client *and* server.
> SSLSocket::Callback: Handshake done: AES256-SHA SSLv3 Kx=RSA
> Au=RSA Enc=AES(256) Mac=SHA1
I think this is jsut a bug in your logging code, as Matt explained.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
