ravi shankar wrote:
> We have an SSL client and we are having issues while connecting to some
> Oracle application servers which do not support TLS. By default, our
> client tries TLS and the server sends an alert message for the client
> hello instead of sending server hello. If we disable TLS and use
> SSLv3, the connection goes fine.
>
> Is there any SSL_CTX option or API to tell that try TLS, if it does
> not work, fall back to SSLv3? We do not want to completely disable TLS
> by setting the option SSL_OP_NO_TLSv1 in SSL_CTX_set_options.

I fully understand you correctly: you are using a sslv23_method() (with
SSL_OP_NO_SSLv2 in SSL_CTX_set_options) to connect to a server and the
handshake fails? This scenario should send an SSLv2-compatible client hello
with SSLv3 and TLSv1 being offered as valid. The server should then choose
TLSv1 as best possible option if supported and SSLv3 if TLSv1 is not
available...

Best regards,
Lutz
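
A diagnostic for the situation discussed in this thread, added here as an example and not taken from the post or from OpenSSL: given the first bytes a client sent (from a packet capture), it reports whether the hello used the SSLv2-compatible framing or the SSLv3/TLS record framing, and the highest version offered. The function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

enum hello_kind { HELLO_UNKNOWN = -1, HELLO_V2_COMPAT = 2, HELLO_V3_RECORD = 3 };
struct hello { enum hello_kind kind; unsigned major, minor; };

/* Constructed sample: header of an SSLv2-compatible hello offering TLSv1 (3.1). */
static const unsigned char sample_v2[] = {
    0x80, 0x2e, 0x01, 0x03, 0x01, 0x00, 0x15, 0x00, 0x00, 0x00, 0x10 };
/* Constructed sample: start of a record-format hello offering SSLv3 (3.0). */
static const unsigned char sample_v3[] = {
    0x16, 0x03, 0x00, 0x00, 0x2d, 0x01, 0x00, 0x00, 0x29, 0x03, 0x00 };

/* Classify the client's first flight and extract the version it offered. */
struct hello classify_hello(const unsigned char *b, size_t n)
{
    struct hello h = { HELLO_UNKNOWN, 0, 0 };
    /* SSLv2-compatible: 2-byte length with the high bit set, msg_type 1
     * (client hello), then the highest offered version. */
    if (n >= 5 && (b[0] & 0x80) && b[2] == 0x01) {
        h.kind = HELLO_V2_COMPAT; h.major = b[3]; h.minor = b[4];
    /* SSLv3/TLS record: type 22 (handshake), record version, 2-byte length,
     * handshake type 1, 3-byte length, then client_version. */
    } else if (n >= 11 && b[0] == 0x16 && b[1] == 0x03 && b[5] == 0x01) {
        h.kind = HELLO_V3_RECORD; h.major = b[9]; h.minor = b[10];
    }
    return h;
}

const char *version_name(unsigned major, unsigned minor)
{
    if (major == 3 && minor == 0) return "SSLv3";
    if (major == 3 && minor == 1) return "TLSv1";
    if (major == 0 && minor == 2) return "SSLv2";
    return "other";
}

int main(void)
{
    struct hello h = classify_hello(sample_v2, sizeof sample_v2);
    printf("framing=%d highest offered=%s\n", h.kind, version_name(h.major, h.minor));
    h = classify_hello(sample_v3, sizeof sample_v3);
    printf("framing=%d highest offered=%s\n", h.kind, version_name(h.major, h.minor));
    return 0;
}
```

Run against the client's captured hello, this shows which of the two framings the server answered with an alert.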