As Thulasi wrote, SSLv23_client_method supports *ALL* protocols that your library supports by default. The name of the function is just historical and should be ignored. From the documentation:
"If the cipher list does not contain any SSLv2 ciphersuites (the default cipher list does not) or extensions are required (for example server name) a client will send out TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1, TLSv1.2 and permits a fallback to SSLv3." The real question is why the server that didn’t support TLS couldn’t fall back to SSLv3? If a SSLv3 server can’t understand a TLSv1 hello, then it kind of defeats the purpose of being able to fallback to SSLv3 ... Cheers! ----- John Lane Schultz Spread Concepts LLC Cell: 443 838 2200 On Sep 16, 2014, at 12:36 PM, abhijit pai <abhijitpa...@gmail.com> wrote: Hi Thulasi, Thanks for the response. But my point is little different here. I have a generic HTTP client, that talks to SSL 3.0 as well as TLS 1.x enabled server. And as mentioned earlier, I have disabled SSLv2. Now, when I talk to any server, shouldn't the client be sending SSLv3(SSL 3.0) in the version instead of TLS 1.0 as seen from packet capture? Is it some default behaviour? Is it configurable? Regards, Abhijit > Thulasi Goriparthi > SSLv23_client_method supports all protocols by default and connects using > the highest protocol that server supports(as received from server hello) > > I suggest you try disabling TLS 1.0 along with SSL2 if you want to force > your client to use SSL3 without changing the context's method. > SSL_CTX_set_options(ctx, SSL_OP_ALL| > SSL_OP_NO_SSLv2 | > SSL_OP_NO_TLSv1); > > If the server supports TLS1.1 and TLS 1.2, update the client ctx option to > use SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 also. On Fri, Sep 12, 2014 at 6:01 PM, abhijit pai <abhijitpa...@gmail.com> wrote: Hello All, I am using openSSL in my custom HTTP client. Here I use SSLv23_client_method() and disable SSLv2 using SSL_CTX_set_options(ctx, SSL_OP_ALL| SSL_OP_NO_SSLv2) I would expect the handshake method sent out to the server be SSL v3.0 but to my surprise it is TLS 1.0, which for some reasons the server does not support. This is a generic code, that would talk to even TLS 1.x enabled servers, so I cannot fix it using SSLv3_client_method(). Is there any other API that I am not aware of that could help me achieve it? Thanks in advance! Regards, Abhijit ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
