Hi,

So you currently have:
static const SSL_METHOD *
ssl_select_method(const char *uhp)
{
        const SSL_METHOD *method;
        char    *cp;

        cp = ssl_method_string(uhp);
        if (cp != NULL) {
                if (equal(cp, "ssl3"))
                        method = SSLv3_client_method();
                else if (equal(cp, "tls1"))
                        method = TLSv1_client_method();
                else {
                        fprintf(stderr, catgets(catd, CATSET, 244,
                                        "Invalid SSL method \"%s\"\n"), cp);
                        method = SSLv23_client_method();
                }
        } else
                method = SSLv23_client_method();
        return method;
}

You already removed the call to the SSLv2 method, and so now the
SSLv3 method has also been removed.

I suggest only using the SSLv23_client_method().  It's the only
method that supports multiple versions.

If you want to be able to restrict the versions please use
SSL(_CTX)_set_options() with something like SSL_OP_NO_SSLv3.


Kurt
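
The suggestion above as an added example (not part of the original message and not the project's code): one SSLv23_client_method() context, with the lowest allowed version set through SSL_OP_NO_* bits. It goes beyond the message in accepting "tls1.1" and "tls1.2"; those values, the name ssl_floor_options, and the policy that "ssl3" is rejected are assumptions.

```c
#include <stdint.h>
#include <string.h>
#if defined(__has_include)
# if __has_include(<openssl/ssl.h>)
#  include <openssl/ssl.h>      /* real SSL_OP_NO_* bits when installed */
# endif
#endif
#ifndef SSL_OP_NO_SSLv3
/* Constructed stand-ins so the file builds without the OpenSSL headers. */
# define SSL_OP_NO_SSLv2   0x01000000UL
# define SSL_OP_NO_SSLv3   0x02000000UL
# define SSL_OP_NO_TLSv1   0x04000000UL
# define SSL_OP_NO_TLSv1_2 0x08000000UL
# define SSL_OP_NO_TLSv1_1 0x10000000UL
#endif

/* Versions, oldest first.  A NULL name can never be chosen as the floor. */
static const struct proto {
        const char *name;       /* ssl-method value (tls1.1/tls1.2 assumed) */
        uint64_t    off;        /* bit that disables this version */
} protos[] = {
        { NULL,     SSL_OP_NO_SSLv2 },
        { NULL,     SSL_OP_NO_SSLv3 },
        { "tls1",   SSL_OP_NO_TLSv1 },
        { "tls1.1", SSL_OP_NO_TLSv1_1 },
        { "tls1.2", SSL_OP_NO_TLSv1_2 },
};
#define NPROTOS         (sizeof protos / sizeof protos[0])
#define DEFAULT_FLOOR   2       /* index of "tls1" */

/*
 * Option mask disabling every version older than the one named by cp; newer
 * ones stay negotiable.  cp == NULL uses the default floor.  An unknown value,
 * "ssl3" included, clears *valid and uses the default floor as well.
 * Caller: ctx = SSL_CTX_new(SSLv23_client_method());
 *         SSL_CTX_set_options(ctx, ssl_floor_options(cp, &valid));
 */
uint64_t ssl_floor_options(const char *cp, int *valid)
{
        size_t i, lowest = DEFAULT_FLOOR;
        uint64_t opts = 0;

        for (i = 0; cp != NULL && i < NPROTOS; i++)
                if (protos[i].name != NULL && strcmp(cp, protos[i].name) == 0)
                        break;
        *valid = (cp == NULL || i < NPROTOS);
        if (cp != NULL && i < NPROTOS)
                lowest = i;
        for (i = 0; i < lowest; i++)
                opts |= protos[i].off;
        return opts;
}
```

When *valid comes back 0, the caller can print the existing "Invalid SSL method" message and carry on with the returned mask.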
