Re: SSL v2/3 and TLS.. How to be flexible?

2006-02-15 Thread Richard Koenning
Lee Dilkie wrote: Perhaps I'm getting confused with what's reported. I just noticed that SSLv3 gets reported even when I specify TLS methods on the client and server. i.e. cipher spec=AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 Is this really SSLv3 or is it

Re: SSL v2/3 and TLS.. How to be flexible?

2006-02-15 Thread Lee Dilkie
Unfortunately, ssldump isn't easily available on win32 (okay, I gave it all of 30 seconds but ./configure failed so I wasn't about to debug why). It's just that I would expect SSL_CIPHER_description( SSL_get_current_cipher(..)..) to return TLS if it was a TLS connection. Is there some other

Re: SSL v2/3 and TLS.. How to be flexible?

2006-02-14 Thread Richard Koenning
William A. Rowe, Jr. wrote: TLSv1_server_methods() do not speak the crufty old SSLv2 garbage, you can't connect to it using a multi-protocol handshake. For maximum portability use SSLv23_server_methods(). On the client side it doesn't matter, if you want a TLSv1 connection only, then by all

Re: SSL v2/3 and TLS.. How to be flexible?

2006-02-14 Thread Kyle Hamilton
So why isn't there an SSLv3_TLSv1_server_methods()? At the moment, TLS isn't enabled by default in most browsers (certainly not IE6, except possibly on XPSP2), where SSLv3 is. I'd like to have the means to have a TLS server that will fall back to SSLv3 if the client only supports that protocol.

Re: SSL v2/3 and TLS.. How to be flexible?

2006-02-14 Thread Lee Dilkie
Perhaps I'm getting confused with what's reported. I just noticed that SSLv3 gets reported even when I specify TLS methods on the client and server. i.e. cipher spec=AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 Is this really SSLv3 or is it TLS? Kyle Hamilton

SSL v2/3 and TLS.. How to be flexible?

2006-02-13 Thread Lee Dilkie
Hey Folks, I've hit a bit of a wall here. I want to build a simple client and server that can handle SSL and TLS connections. It's not turning out as simple as it looks and googling hasn't yielded a solution either. Put simply, if I create a client-server where one end uses TLSv1_method()

Re: SSL v2/3 and TLS.. How to be flexible?

2006-02-13 Thread William A. Rowe, Jr.
TLSv1_server_methods() do not speak the crufty old SSLv2 garbage, you can't connect to it using a multi-protocol handshake. For maximum portability use SSLv23_server_methods(). On the client side it doesn't matter, if you want a TLSv1 connection only, then by all means use