On Mon, Sep 15, 2014 at 11:19:52AM +0530, Thulasi Goriparthi wrote:
> I suggest you try disabling TLS 1.0 along with SSL2 if you want to force
> your client to use SSL3 without changing the context's method.
> SSL_CTX_set_options(ctx, SSL_OP_ALL|
> SSL_OP_NO_SSLv2 |
> SSL_OP_NO_TLSv1);
>
> If the server supports TLS1.1 and TLS 1.2, update the client ctx option to
> use SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 also.
Actually, those additions are not needed. Because the TLS client
HELLO advertises a single contiguous range of supported protocols
(a mininum and maximum), once SSLv3 is enabled and TLSv1 is disabled,
that range consists of SSLv3 alone even when the client can support
TLSv1.1 and/or TLSv1.2.
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
