Aah, As you asked me correctly, Would prefer the >TLSv1.2, Thank you Viktor.
On Sat, Jan 25, 2014 at 10:53 AM, Viktor Dukhovni < openssl-us...@dukhovni.org> wrote: > On Sat, Jan 25, 2014 at 10:29:58AM +0530, Devchandra L Meetei wrote: > > > What is the best way to support TLS1.2 procotol alone in an application > > Do you really mean only TLSv1.2, or do you in fact want >= TLSv1.2, > so that when TLSV1.3 comes out the same code will also work with > TLSv1.3? > > > currently it is done by creating protocol > > sslProtocolMethod = TLSv1_2_method(); > > ctx = SSL_CTX_new(sslProtocolMethod); > > This gives you exclusively TLSv1.2. > > > options = SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 |SSL_OP_NO_SSLv2; > > options |= SSL_OP_NO_SSLv3; > > > > and used options to > > SSL_CTX_set_options(ctx, options); > > This gives you >= TLSv1.2. > > You can decide which is right for you. > > -- > Viktor. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > -- Warm Regards --Dev OpenPegasus Developer/Committer "Any fool can write code that a computer can understand. Good programmers write code that humans can understand." --- Martin Fowler
