On 3/18/2013 10:29 PM, Santhosh Kokala wrote:
Hi,
The application I am working on should not support TLS 1.1 and above
protocols. I am using SSL_CTX_set_options( ctx, SSL_OP_NO_TLSv1_1); to
disable the same after creating the SSL context. But it doesn’t seem to
disable the TLS1.1 and TLS1.2 protocols
Code Snippet:
SSL_CTX *c = SSL_CTX_new(SSLv23_method());
SSL_CTX_set_options( c, SSL_OP_NO_TLSv1_1);
Can someone please let me know if I am missing anything?
Santhosh
Two things:
1. The binary value of the SSL_OP_NO_TLSv1_1 define was recently
changed, make sure your headers are from the exact same version of
OpenSSL as the libssl you are linking to.
2. The definition was recently changed so you may now need to
explicitly pass the SSL_OP_NO_TLSv1_2 flag too.
For a longer explanation, read the file "CHANGES" in the OpenSSL
source code.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
