Just one more thing, for >= TLSv1.2, Protocol should be selected as SSLv23_method()?
On Sat, Jan 25, 2014 at 8:33 PM, Devchandra L Meetei <[email protected]>wrote: > Aah, As you asked me correctly, Would prefer the >TLSv1.2, > Thank you Viktor. > > > On Sat, Jan 25, 2014 at 10:53 AM, Viktor Dukhovni < > [email protected]> wrote: > >> On Sat, Jan 25, 2014 at 10:29:58AM +0530, Devchandra L Meetei wrote: >> >> > What is the best way to support TLS1.2 procotol alone in an application >> >> Do you really mean only TLSv1.2, or do you in fact want >= TLSv1.2, >> so that when TLSV1.3 comes out the same code will also work with >> TLSv1.3? >> >> > currently it is done by creating protocol >> > sslProtocolMethod = TLSv1_2_method(); >> > ctx = SSL_CTX_new(sslProtocolMethod); >> >> This gives you exclusively TLSv1.2. >> >> > options = SSL_OP_NO_TLSv1|SSL_OP_NO_TLSv1_1 |SSL_OP_NO_SSLv2; >> > options |= SSL_OP_NO_SSLv3; >> > >> > and used options to >> > SSL_CTX_set_options(ctx, options); >> >> This gives you >= TLSv1.2. >> >> You can decide which is right for you. >> >> -- >> Viktor. >> ______________________________________________________________________ >> OpenSSL Project http://www.openssl.org >> User Support Mailing List [email protected] >> Automated List Manager [email protected] >> > > > > -- > Warm Regards > --Dev > OpenPegasus Developer/Committer > > "Any fool can write code that a computer can understand. Good programmers > write code that humans can understand." > --- Martin Fowler > -- Warm Regards --Dev OpenPegasus Developer/Committer "Any fool can write code that a computer can understand. Good programmers write code that humans can understand." --- Martin Fowler
