On Tue, May 13, 2014 at 6:45 AM, Gayathri Manoj <gayathri.an...@gmail.com> wrote: > Hi All, > > I am planning to upgrade my tls connection from 1.0 to 1.2. I have made > changes from the client side and am able to see the client hello with tls > version 1.2. The server supports only 1.0 and the client is not falling back > to 1.0 and giving me a fatal that Protocol version alert. > > Please let me know shall I need to add backward compatibility code > separately. If yes then how can i do it. Could you please provide some > example for the same. I believe the code below will provide the correct record (TLS 1.0) and handshake (TLS 1.2) protocol values. Essentially, its saying "TLS 1.0 or above". OpenSSL will do the right thing and chose the highest protocol level available modulo cipher suite preferences in some instances.
***** init_openssl_library(); const SSL_METHOD* method = SSLv23_method(); SSL_CTX* ctx = SSL_CTX_new(method); const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION; SSL_CTX_set_options(ctx, flags); ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
