On Fri, Nov 14, 2014 at 06:26:24AM +0000, Vaghasiya, Nimesh wrote:
[ It is rude to ask user questions on the dev list (moved to Bcc). ]
> We are in the process of disabling SSLv3 and SSLv2 protocols from all of our
> FreeBSD based applications.
>
> For SSLv23 methods we are setting SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3 options as
> shown below,
>
> conn->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
> SSL_CTX_set_mode(conn->ssl_ctx, SSL_OP_NO_SSLv2);
> SSL_CTX_set_mode(conn->ssl_ctx, SSL_OP_NO_SSLv3);
>
> Does this ensure my SSLv23 methods will no longer accept SSLv3 and SSLv2
> connections?

No, it does not.

You really should read the manpage for SSL_CTX_set_mode(3); that
function is unrelated to setting the options in question.

To control protocol feature and work-around options see
SSL_CTX_set_options(3).

--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]