Re: SSL v3.0 is not set as default protocol upon disabling v2.

2014-09-18 Thread Viktor Dukhovni
On Thu, Sep 18, 2014 at 04:47:22PM -0400, John Lane Schultz wrote: > The documentation says that a client will use a TLS hello even > when SSLv3 is one of its supported protocols. The problem then > is, how can such a client communicate with an SSLv3 only server, > which probably won't understand

Re: SSL v3.0 is not set as default protocol upon disabling v2.

2014-09-18 Thread John Lane Schultz
Actually, Abhijit, I think your question still has merit. The documentation says that a client will use a TLS hello even when SSLv3 is one of its supported protocols. The problem then is, how can such a client communicate with an SSLv3 only server, which probably won’t understand the TLS hello

Re: SSL v3.0 is not set as default protocol upon disabling v2.

2014-09-18 Thread abhijit pai
Thanks John, After reading through http://tools.ietf.org/html/rfc2246#appendix-E I understood what you meant here, and could make sense about fallback to SSLv3. "TLS version 1.0 and SSL 3.0 are very similar; thus, supporting both is easy. TLS clients who wish to negotiate with SSL 3.0 serve

Re: SSL v3.0 is not set as default protocol upon disabling v2.

2014-09-16 Thread Thulasi Goriparthi
On 16 September 2014 23:01, Viktor Dukhovni wrote: > On Mon, Sep 15, 2014 at 11:19:52AM +0530, Thulasi Goriparthi wrote: > > > I suggest you try disabling TLS 1.0 along with SSL2 if you want to force > > your client to use SSL3 without changing the context's method. > > SSL_CTX_set_options(ctx, S

Re: SSL v3.0 is not set as default protocol upon disabling v2.

2014-09-16 Thread Viktor Dukhovni
On Mon, Sep 15, 2014 at 11:19:52AM +0530, Thulasi Goriparthi wrote: > I suggest you try disabling TLS 1.0 along with SSL2 if you want to force > your client to use SSL3 without changing the context's method. > SSL_CTX_set_options(ctx, SSL_OP_ALL| >

Re: SSL v3.0 is not set as default protocol upon disabling v2.

2014-09-16 Thread John Lane Schultz
As Thulasi wrote, SSLv23_client_method supports *ALL* protocols that your library supports by default. The name of the function is just historical and should be ignored. From the documentation: "If the cipher list does not contain any SSLv2 ciphersuites (the default cipher list does not) or e

Re: SSL v3.0 is not set as default protocol upon disabling v2.

2014-09-16 Thread abhijit pai
Hi Thulasi, Thanks for the response. But my point is a little different here. I have a generic HTTP client, that talks to SSL 3.0 as well as TLS 1.x enabled server. And as mentioned earlier, I have disabled SSLv2. Now, when I talk to any server, shouldn't the client be sending SSLv3 (SSL 3.0) in t

Re: SSL v3.0 is not set as default protocol upon disabling v2.

2014-09-14 Thread Thulasi Goriparthi
SSLv23_client_method supports all protocols by default and connects using the highest protocol that the server supports (as received from server hello). I suggest you try disabling TLS 1.0 along with SSL2 if you want to force your client to use SSL3 without changing the context's method. SSL_CTX_set_opt