Hi, I have a question about the creation of SSL contexts, client hello and zlib compression.
For example, executing `openssl s_server -accept ... -key ... -cert ...` uses SSLv23_server_method by default. (note: I use openssl 0.9.8d) Connecting to this server using `openssl s_client -connect ...` seems not to use compression: Compression: NONE Expansion: NONE whereas `openssl s_client -connect ... -tls1` does Compression: zlib compression Expansion: zlib compression Is there a way to use one context (to be used both for accepting and establishing connections) that will (cmp SSL_CTX_new manpage, section SSLv23_method): - understand SSLv2, SSLv3, and TLSv1 client hello messages, - will send out TLSv1 client hello messages As far as I understand, this is needed to get compression. Using two different contexts, one initialized with TLSv1_client_method, the other initialized via SSLv23_server_method, is possible of course, but that tends to be a little tedious if both clients use the same key, certificate, crls, etc. Additionally, are there backward compability issues if I use TLSv1_client_method (assuming that 'most' of my peers use SSLv23_method() to create their SSL context)? Cheers Philipp ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
