On Tue, Sep 29, 2015 at 01:56:06PM +0000, Tiantian Liu via RT wrote:

> Hi Matt & Vi
> 
> I tried the SSLv23_method(), and precluded/excluded all SSLv2, SSLv3, TLSv1. 
> I only enabled the TLSv1.2 by SSL_CTX_set_option().
> You can see my previous code:  

Why are you disabling TLSv1, there's little reason to do that at
present.  If the server supports TLS 1.2 you'll use that, otherwise
you'll at least get TLS 1.0

> /*Only allow TLSv1.2 protocol*/
> SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | 
> SSL_OP_NO_TLSv1);

I would not disable TLSv1 at this time, just SSLv2 and SSLv3.


> While the above code didn't work. I couldn't reach the server. Though the 
> SSL_connect() didn't crash, it returned as:
> 
> 17:49:12.939 [5499]- SSL_connect res : -1

And did you print the error stack?  Look at a PCAP trace with
wireshark?  Connect to the server with "openssl s_client" and
examine the negotiated protocol parameters?

> I will continue to investigate, and keep updating the ticket. I
> will adopt your idea to see if I can obtain more information during
> crash.

This thread does not belong on openssl-dev, cross-posting and
redirecting to openssl-users.

-- 
        Viktor.
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Reply via email to