I had a hard time trying to make a simple HTTPS server with OpenSSL. However, I managed to build it with TLSv1.2 support using the 1.0.2 beta version.

The code I use to initialize the context is the following:

    SSL_library_init();
    OpenSSL_add_all_algorithms();
    SSL_load_error_strings();
    ssl_method = TLSv1_2_server_method();
    ssl_ctx = SSL_CTX_new(ssl_method);

After this I load the server private key and certificate. Then I accept new clients from the TCP socket and pass the socket to SSL:

    ssl = SSL_new(ssl_ctx);
    SSL_set_fd(ssl, client_socket);
    SSL_accept(ssl);

Unfortunately only the latest browsers support TLSv1.2 and the documentation explicitly states that using TLS_v1_(1)_server_method will not gracefully degrade to TLSv1 or SSLv3, and I suppose that the same is true for TLS_V1_2_server_method.

Is there any way to have the server *prefer* TLSv1.2 and degrade to TLSv1.1, TLSv1 and SSLv3 (not SSLv2)?

Also I share the created ssl_ctx among all connections received (the server fork()s just after SSL_accept). Is this problematic in any way?

Finally, is the Heartbleed bug fixed in 1.0.2beta1?

Thanks in advance :)
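The version mismatch described in the post, as an added example that is not part of the original message or of OpenSSL: it reads the version a client offers from the first bytes of its ClientHello and applies a simplified negotiation rule to a TLSv1.2-only server and to one enabling SSLv3 through TLSv1.2. The function names and sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample data: first 11 bytes of a ClientHello record from a
 * client offering TLSv1 (0x0301) and from one offering TLSv1.2 (0x0303). */
static const uint8_t HELLO_TLS10[] = {0x16,0x03,0x01,0x00,0x2f,0x01,0x00,0x00,0x2b,0x03,0x01};
static const uint8_t HELLO_TLS12[] = {0x16,0x03,0x01,0x00,0x2f,0x01,0x00,0x00,0x2b,0x03,0x03};

/* Return the client_version field of a TLS ClientHello, or -1 if the bytes
 * are not the start of one. Only the first 11 bytes need to be buffered. */
int client_hello_version(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < 11) return -1;  /* 5 record + 4 handshake + 2 version */
    if (buf[0] != 0x16 || buf[1] != 0x03) return -1;  /* handshake record, SSLv3/TLS framing */
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    if (rec_len < 6) return -1;              /* too short to hold header + version */
    if (buf[5] != 0x01) return -1;           /* handshake type must be client_hello */
    size_t hs_len = ((size_t)buf[6] << 16) | ((size_t)buf[7] << 8) | buf[8];
    if (hs_len < 2) return -1;               /* body must at least hold the version */
    return (buf[9] << 8) | buf[10];
}

/* Simplified pre-TLS 1.3 rule for a server with one contiguous enabled range:
 * answer with the highest enabled version not above the client's offer.
 * Returns 0 when the handshake would be refused. */
int negotiated_version(int client_ver, int srv_min, int srv_max)
{
    if (client_ver < srv_min) return 0;
    return client_ver < srv_max ? client_ver : srv_max;
}

int main(void)
{
    int v = client_hello_version(HELLO_TLS10, sizeof HELLO_TLS10);
    /* Context as in the post: TLSv1_2_server_method() enables 0x0303 only. */
    printf("fixed TLSv1.2 server:  0x%04x\n", (unsigned)negotiated_version(v, 0x0303, 0x0303));
    /* Version-flexible context: in OpenSSL 1.0.x, SSLv23_server_method() plus
     * SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) enables SSLv3 through TLSv1.2. */
    printf("SSLv3..TLSv1.2 server: 0x%04x\n", (unsigned)negotiated_version(v, 0x0300, 0x0303));
    return 0;
}
```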