* Pradeep Gudepu:

> if(server)
>     //method = ::SSLv23_server_method();
>     method = ::TLSv1_server_method();
> else
>     //method = ::SSLv23_client_method();
>     method = ::TLSv1_client_method();

This is wrong, it prevents the use of TLS 1.1 and TLS 1.2. SSLv23_method etc. is the correct choice, but these functions are named in a very misleading way.

> if(server)
> {
>     ::SSL_CTX_set_options(ctx, (SSL_OP_NO_SSLv2 |
>         SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION));
>     ::SSL_CTX_set_cipher_list(ctx,
>         "ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM");
> }

You should do the above for both client *and* server.

> SSLSocket::Callback: Handshake done: AES256-SHA SSLv3 Kx=RSA
> Au=RSA Enc=AES(256) Mac=SHA1

I think this is just a bug in your logging code, as Matt explained.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org