On 24/10/14 11:12, Pradeep Gudepu wrote:
> But in logs, I still see, client and server are negotiated with SSLv3.
>
> SSLConfig::Init: SSL initiated (OpenSSL 1.0.1j 15 Oct 2014 built on: Fri
> Oct 24 07:44:36 2014).
>
> SSLSocket::Callback: Handshake done: AES256-SHA SSLv3
> Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

This is the format of the output you get from calling
SSL_CIPHER_description (compare with the output from calling "openssl
ciphers -v"). This function just dumps information on the supplied
cipher (presumably the cipher that was negotiated in this case).

The SSLv3 in the above tells you what SSL version this cipher is
compatible with. The SSLv3 ciphers are forward compatible...so an SSLv3
cipher can be used in SSLv3, TLS1.0, TLS1.1 and TLS1.2. It doesn't tell
you anything about what protocol version was actually negotiated. It is
highly likely that you are actually using a TLSv1.0+ protocol version.

Matt
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
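
An added example, not part of the original message or of the OpenSSL code base: it parses the cipher-description line quoted above and lists the protocol versions the connection could have used, following the forward-compatibility rule in the reply. The function names, the assumption that SSLv3 is disabled on the endpoint, and the TLSv1.2 sample line are constructed for illustration; the TLSv1.2 case goes beyond the SSLv3 case the reply describes.

```python
import re

# Layout printed by SSL_CIPHER_description() and "openssl ciphers -v":
#   <cipher name> <protocol family> Kx=.. Au=.. Enc=.. Mac=..
DESC_RE = re.compile(
    r"(?P<name>\S+)\s+(?P<family>(?:SSL|TLS)v[\d.]+)\s+"
    r"Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)"
)

# Protocol versions, oldest first, as named by OpenSSL 1.0.1.
PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]


def parse_description(line):
    """Return the cipher-description fields found in a log line, or None."""
    m = DESC_RE.search(line)
    return m.groupdict() if m else None


def usable_protocols(family):
    """Versions in which a cipher of this family can be negotiated."""
    if family not in PROTOCOLS:
        raise ValueError("unknown protocol family: " + family)
    return PROTOCOLS[PROTOCOLS.index(family):]


def candidate_protocols(line, enabled):
    """Versions the connection behind this log line may have used."""
    fields = parse_description(line)
    if fields is None:
        return None  # not a cipher-description line
    return [p for p in usable_protocols(fields["family"]) if p in enabled]


# First two lines are from the post; the third is constructed for contrast.
LOG_LINES = [
    "SSLConfig::Init: SSL initiated (OpenSSL 1.0.1j 15 Oct 2014 built on: Fri Oct 24 07:44:36 2014).",
    "SSLSocket::Callback: Handshake done: AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1",
    "SSLSocket::Callback: Handshake done: AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD",
]
# Assumption: SSLv3 has been disabled on this endpoint.
ENABLED = {"TLSv1", "TLSv1.1", "TLSv1.2"}

if __name__ == "__main__":
    for line in LOG_LINES:
        print(candidate_protocols(line, ENABLED), "<-", line)
```

No field in this line records the negotiated version; an application that wants it in the log has to print the result of SSL_get_version() for the connection.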