Thanks for the reply and apologies for the awkward description of the problem.
I had moved the SSL initiation until after the exchange of the 1st clear text request/reply but was getting errors, which prompted the original post. Subsequently I discovered in the move I had swapped the SSL_CTX_new() client call with the server call (and vice versa). Once I straightened that out, it worked very nicely. Regards... Neale On 1/27/12 12:52 AM, "Dave Thompson" <dthomp...@prinpay.com> wrote: > Absolutely. This is done in a number of protocols, and is > commonly called "STARTTLS" because that is the command used > in several protocols to end the clear portion and start SSL. > commandline s_client (apps/s_client.c) has starttls logic > a few major protocols you can use as examples. > > You do need an exact definition of what the clear exchange is, > and specifically when to start SSL. If your client tries to > start and the server doesn't, or vice versa, it won't work. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
