> -----Original Message-----
> From: owner-openssl-us...@openssl.org [mailto:owner-openssl-
> us...@openssl.org] On Behalf Of Dr. Stephen Henson
> Sent: Wednesday, June 13, 2012 5:23 PM
> To: openssl-users@openssl.org
> Subject: Re: TLSv1.2 backward compatibility
>
> On Wed, Jun 13, 2012, Garrison, Jim (ETW) wrote:
>
> > Is anybody else having trouble with newer SSL clients (1.0.1c
> specifically) causing older servers to hang?
> >
>
> Yes, see PR#2771.
>
> >
> > Reading the 1.0.1c release notes I see
> >
> > 3. If all else fails setting OPENSSL_NO_TLS1_2_CLIENT will
> disable
> > TLS 1.2 client support entirely.
> >
> > Is this something that can be set at runtime, or is it purely a
> compile-time option?
>
> Yes you can set SSL_OP_NO_TLSv1_2 and possibly SSL_OP_NO_TLSv1_1 too.
Sorry if I seem dense, but how do I set this at runtime? I tried
creating an environment variable as in:
export SSL_OP_NO_TLSv1_2=1
export SSL_OP_NO_TLSv1_1=1
openssl s_client -connect remoteserver:443
but this gets the same hang, both with s_client and the svn client, and
Wireshark shows it's still sending a TLSv1.2 handshake.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
