On Wed, Feb 10, 2016 at 09:03:35PM -0500, Jeffrey Walton wrote:
> As far as I know, there are no constants for TLS 1.0 and 1.1, so we
> can't extend this in clients:
>
> const SSL_METHOD* method = SSLv23_method();
> ctx = SSL_CTX_new(method);
> ...
>
> const long flags =
> On Feb 10, 2016, at 9:28 PM, Jeffrey Walton wrote:
>
>> You should then disable unwanted protocols that are too weak. In master
>> use the new min/max version controls and avoid the SSL_OP_NO_
>> macros. In 1.0.x, use the macros to disable some contiguous set of protocol
> On Feb 10, 2016, at 9:03 PM, Jeffrey Walton wrote:
>
> How do we work around a server that seems to require SSLv23_method?
Don't think of this as a work-around. You SHOULD use the version-flexible
method (renamed from SSLv23_method() to TLS_method() in master).
You
How do we work around a server that seems to require SSLv23_method?
That is, they accept the SSLv3 record layer and TLS 1.2 protocol, but
they reject record layers and protocols that only specify TLS 1.2?
As far as I know, there are no constants for TLS 1.0 and 1.1, so we
can't extend this in
>> How do we work around a server that seems to require SSLv23_method?
>
> Don't think of this as a work-around. You SHOULD use the version-flexible
> method (renamed from SSLv23_method() to TLS_method() in master).
>
> You should then disable unwanted protocols that are too weak. In master
>