george> 1. the default app context in the libWWW shim uses a different
george> default client method than openssl.exe.  I could connect to a
george> secure site with the openssl.exe sample, but not with secure
george> get.  It was rejecting the minor protocol version.  I made the
george> following change in HTSSL.c HTSSL_init:
george> 
george> #if !defined(NO_SSL2) && !defined(NO_SSL3)
george>         meth=SSLv23_client_method();
george> #elif !defined(NO_SSL3)
george>         meth=SSLv3_client_method();
george> #elif !defined(NO_SSL2)
george>         meth=SSLv2_client_method();
george> #else
george>         // Original code
george>         meth = TLSv1_client_method();
george> #endif

I find it amusing that the SSLv23 method hasn't been explained better
(or at least I haven't seen any good description about it).

SSLv23 is actually kind of an umbrella which handles all available
protocols (SSLv2, SSLv3 and TLSv1) dynamically.  In a client hello, it
will tell the server that it knows about them all, and when receiving
the server hello, it will switch over to whatever the server decided.
An "SSLv23" server will accept client hellos with all those protocols
in and will respond with a server hello with the protocol it found best
(the first one presented in the client hello, if I understand the
source correctly).

Exceptions can be made.  With SSL_CTX_set_options() or
SSL_set_options(), you can use the flags SSL_OP_NO_SSLv2,
SSL_OP_NO_SSLv3 and SSL_OP_NO_TLSv1 to turn off protocols you don't
want to support.

With SSLv23_method(), you get it all, and don't really need to bother
with the other methods.  Modulo bugs, of course...

-- 
Richard Levitte   \ Spannvägen 38, II \ [EMAIL PROTECTED]
Chairman@Stacken   \ S-168 35  BROMMA  \ T: +46-8-26 52 47
Redakteur@Stacken   \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis             -- [EMAIL PROTECTED]
           Member of the OpenSSL development team

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
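The negotiation described above, as an added model that is not part of the original mail or of OpenSSL: a fixed-version client method offers one protocol, the SSLv23 umbrella offers every protocol not masked off by the SSL_OP_NO_* style options, and the server hello settles on the newest protocol both sides still have enabled (a simplifying assumption; the constants and functions are this example's own, not OpenSSL's API).

```c
#include <stdio.h>

/* Constructed protocol bits; names mirror the mail's option names only. */
enum { PROTO_SSLV2 = 1u << 0, PROTO_SSLV3 = 1u << 1, PROTO_TLSV1 = 1u << 2 };

#define OPT_NO_SSLV2 PROTO_SSLV2
#define OPT_NO_SSLV3 PROTO_SSLV3
#define OPT_NO_TLSV1 PROTO_TLSV1

/* Fixed-version methods (SSLv3_client_method etc.) offer exactly one protocol;
 * the SSLv23 method offers every protocol the options have not turned off. */
static unsigned offered(unsigned method_protos, unsigned options) {
    return method_protos & ~options;
}

/* Server hello: choose the newest protocol both sides still have enabled.
 * Model assumption: highest common version wins; 0 means no agreement. */
static unsigned negotiate(unsigned client_offer, unsigned server_accept) {
    unsigned common = client_offer & server_accept;
    if (common & PROTO_TLSV1) return PROTO_TLSV1;
    if (common & PROTO_SSLV3) return PROTO_SSLV3;
    if (common & PROTO_SSLV2) return PROTO_SSLV2;
    return 0;  /* handshake fails: no mutually supported protocol */
}

static const char *proto_name(unsigned p) {
    switch (p) {
    case PROTO_TLSV1: return "TLSv1";
    case PROTO_SSLV3: return "SSLv3";
    case PROTO_SSLV2: return "SSLv2";
    default:          return "none (handshake rejected)";
    }
}

int main(void) {
    const unsigned umbrella = PROTO_SSLV2 | PROTO_SSLV3 | PROTO_TLSV1;
    const unsigned sslv3_only_server = PROTO_SSLV3;   /* constructed peer */

    /* The failure from the quoted report: TLSv1-only client vs SSLv3 server. */
    printf("TLSv1 client  vs SSLv3 server: %s\n",
           proto_name(negotiate(offered(PROTO_TLSV1, 0), sslv3_only_server)));
    /* SSLv23 umbrella client adapts to whatever the server settled on. */
    printf("SSLv23 client vs SSLv3 server: %s\n",
           proto_name(negotiate(offered(umbrella, 0), sslv3_only_server)));
    /* Umbrella with SSL_OP_NO_SSLv2-style masking never offers SSLv2. */
    unsigned hardened = offered(umbrella, OPT_NO_SSLV2);
    printf("hardened client offers SSLv2? %s\n",
           (hardened & PROTO_SSLV2) ? "yes" : "no");
    return 0;
}
```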