On 16 September 2014 23:01, Viktor Dukhovni <openssl-us...@dukhovni.org> wrote:
> On Mon, Sep 15, 2014 at 11:19:52AM +0530, Thulasi Goriparthi wrote:
>
> > I suggest you try disabling TLS 1.0 along with SSL2 if you want to force
> > your client to use SSL3 without changing the context's method.
> > SSL_CTX_set_options(ctx, SSL_OP_ALL|
> >                          SSL_OP_NO_SSLv2 |
> >                          SSL_OP_NO_TLSv1);
> >
> > If the server supports TLS1.1 and TLS 1.2, update the client ctx option to
> > use SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 also.
>
> Actually, those additions are not needed.  Because the TLS client
> HELLO advertises a single contiguous range of supported protocols
> (a minimum and maximum), once SSLv3 is enabled and TLSv1 is disabled,
> that range consists of SSLv3 alone even when the client can support
> TLSv1.1 and/or TLSv1.2.
>

Thanks. I didn't notice it before.

> --
>         Viktor.
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           majord...@openssl.org
>
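
The range behaviour described in the quoted reply, modelled as an added example (not code from this thread or from OpenSSL). The enum, the `NO_*` bits and `advertised_range` are hypothetical names; the rule that the run of versions below the gap is the one kept is an assumption taken from the statement that SSLv3 alone remains once TLSv1 is disabled.

```c
#include <stdio.h>

/* Hypothetical model, not OpenSSL source: protocol versions in ascending order. */
enum proto { P_SSL3, P_TLS1, P_TLS1_1, P_TLS1_2, P_COUNT };

/* Hypothetical "disabled" bits standing in for the SSL_OP_NO_* options. */
#define NO_SSL3   (1u << P_SSL3)
#define NO_TLS1   (1u << P_TLS1)
#define NO_TLS1_1 (1u << P_TLS1_1)
#define NO_TLS1_2 (1u << P_TLS1_2)

static const char *const proto_name[P_COUNT] = {
    "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"
};

/*
 * Compute the single contiguous [min, max] range a client can advertise.
 * Assumption (from the reply above): when a disabled version splits the
 * enabled set, the run below the gap is kept.
 * Returns 0 on success, -1 if every version is disabled.
 */
int advertised_range(unsigned disabled, enum proto *min, enum proto *max)
{
    int v = 0;

    while (v < P_COUNT && (disabled & (1u << v)))
        v++;                        /* skip disabled versions at the bottom */
    if (v == P_COUNT)
        return -1;
    *min = *max = (enum proto)v;
    while (v + 1 < P_COUNT && !(disabled & (1u << (v + 1))))
        *max = (enum proto)++v;     /* extend upward until the first gap */
    return 0;
}

int main(void)
{
    /* Constructed masks: nothing disabled, TLSv1 only, all TLS, SSLv3 only. */
    unsigned masks[] = { 0, NO_TLS1, NO_TLS1 | NO_TLS1_1 | NO_TLS1_2, NO_SSL3 };

    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++) {
        enum proto lo, hi;
        if (advertised_range(masks[i], &lo, &hi) == 0)
            printf("mask 0x%x -> %s..%s\n", masks[i], proto_name[lo], proto_name[hi]);
    }
    return 0;
}
```

In this model, disabling TLSv1 alone and disabling TLSv1, TLSv1.1 and TLSv1.2 together give the same SSLv3-only range, which is the point made in the reply.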