Re: [Lynx-dev] [openssl-dev] On SSLv23_method() drop and TLS

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] [openssl-dev] On SSLv23_method() drop and TLS_method() in

From:	Gisle Vanem
Subject:	Re: [Lynx-dev] [openssl-dev] On SSLv23_method() drop and TLS_method() introduction
Date:	Tue, 19 May 2015 18:33:19 +0200
User-agent:	Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0 SeaMonkey/2.33.1

Matt Caswell wrote:

I just posted the following to lynx-dev:


I didn't get that post.

The OP suggested this:

+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+       ssl_ctx = SSL_CTX_new(TLSv1_client_method());
+#else
         ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+#endif

This is not quite correct either. TLSv1_client_method() will force
TLS1.0 only. This is the correct approach:

+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
+       ssl_ctx = SSL_CTX_new(TLS_client_method());
+#else
         ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+#endif


Okay, this was better. The command:
  lynx https://www.ssllabs.com/ssltest/viewMyClient.html

now gives:
  Protocol Features
  Protocols
  TLS 1.2 Yes
  TLS 1.1 Yes*
  TLS 1.0 Yes*
  SSL 3   Yes*
  SSL 2   No

--
--gv

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Lynx-dev] [openssl-dev] On SSLv23_method() drop and TLS_method() introduction, Gisle Vanem <=
- Re: [Lynx-dev] [openssl-dev] On SSLv23_method() drop and TLS_method() introduction, Thorsten Glaser, 2015/05/19
  - Re: [Lynx-dev] [openssl-dev] On SSLv23_method() drop and TLS_method() introduction, Matt Caswell, 2015/05/19

Prev by Date: Re: [Lynx-dev] SSLv23 method gone now
Next by Date: Re: [Lynx-dev] [openssl-dev] On SSLv23_method() drop and TLS_method() introduction
Previous by thread: [Lynx-dev] SSLv23 method gone now
Next by thread: Re: [Lynx-dev] [openssl-dev] On SSLv23_method() drop and TLS_method() introduction
Index(es):
- Date
- Thread