Hi, Thanks for the info.
(a typo in previous mail).

Could you please confirm whether following will ensure my SSLv23 methods will no more accept SSLv3 and SSLv2 connections ?

    conn->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
    SSL_CTX_set_options(conn->ssl_ctx, SSL_OP_NO_SSLv2);
    SSL_CTX_set_options(conn->ssl_ctx, SSL_OP_NO_SSLv3);

Regards,
Nimesh

________________________________
From: owner-openssl-...@openssl.org [owner-openssl-...@openssl.org] on behalf of Viktor Dukhovni [openssl-us...@dukhovni.org]
Sent: Friday, November 14, 2014 12:05 PM
To: openssl-users@openssl.org
Subject: Re: Query regarding SSLv23 methods

On Fri, Nov 14, 2014 at 06:26:24AM +0000, Vaghasiya, Nimesh wrote:

[ It is rude to ask user questions on the dev list (moved to Bcc). ]

> We are in process of disabling SSLv3 and SSLv2 protocols from all of our
> FreeBSD based applications.
>
> For SSLv23 methods we are setting SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3 options as
> shown below,
>
>
> conn->ssl_ctx = SSL_CTX_new(SSLv23_server_method());
> SSL_CTX_set_mode(conn->ssl_ctx, SSL_OP_NO_SSLv2);
>
> SSL_CTX_set_mode(conn->ssl_ctx, SSL_OP_NO_SSLv3);
>
> Does this ensure my SSLv23 methods will no more accept SSLv3 and SSLv2
> connections ?

No, it does not. You really should read the manpage for
SSL_CTX_set_mode(3) that function is unrelated to setting the
options in question. To control protocol feature and work-around
options see SSL_CTX_set_options(3).

--
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-...@openssl.org
Automated List Manager                           majord...@openssl.org