On Wed, 11 Jun 2014, Viktor Dukhovni wrote:

> On Wed, Jun 11, 2014 at 07:24:05PM +0200, Dimitrios Apostolou wrote:
>
>> Hello list,
>>
>> given that I'm developing a custom client-server application that
>> communicates via TLS, I decided to zero-out all options since I don't care
>> about backwards compatibility and heterogenous clients like browsers by
>> doing:
>>
>> SSL_CTX_clear_options(ssl_ctx, SSL_CTX_get_options(ssl_ctx));
>>
>> Can you think of reasons this might be bad practice? (e.g. openssl changing
>> default behaviour in the future unless an option is set)
>
> The options start out "clear" by default.

Are you positive on that? I'm quite sure that SSL_OP_LEGACY_SERVER_CONNECT is on for example.


Thanks,
Dimitris

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
