Re: [Lynx-dev] [openssl-dev] On SSLv23_method() drop and TLS_method() in

From: Matt Caswell
Subject: Re: [Lynx-dev] [openssl-dev] On SSLv23_method() drop and TLS_method() introduction
Date: Tue, 19 May 2015 18:50:25 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.6.0

On 19/05/15 17:49, Thorsten Glaser wrote:
>> Matt Caswell wrote:
>>> This is not quite correct either. TLSv1_client_method() will force
>>> TLS1.0 only. This is the correct approach:
>>> +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
>>> +       ssl_ctx = SSL_CTX_new(TLS_client_method());
>>> +#else
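Review bot: the `#else` branch is cut off in this quoted fragment, so the fallback for builds older than 0x10100000L is not visible. As the reply below explains, that branch should call SSLv23_client_method() rather than TLSv1_client_method(), because the latter pins the client to TLS 1.0 instead of negotiating the highest available version. A short comment next to the `#if` noting that both names select the same version-flexible method would prevent the misleading SSLv23 name from being "fixed" again later.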
> Indeed, but that method does not exist in older versions,

Which is why you have the test for OPENSSL_VERSION_NUMBER.

> whereas
> they *can* be built without SSLv2/SSLv3 support.

That does not make any difference. SSLv23_client_method() works
perfectly well without SSLv2/SSLv3 support. The name is very misleading
and confusing. It was named at a time when the only versions available
were SSLv2 and SSLv3. Its purpose is to auto-negotiate the highest
available version (including TLS1.0, TLS1.1 and TLS1.2). The misleading
name is the reason it has been renamed in the latest OpenSSL dev branch.

TLS_client_method() does exactly the same thing as
SSLv23_client_method() used to do - it's just the preferred name for it
from version 1.1.0 onwards.

Not sure why my original post on this subject did not come through to
lynx-dev (I am subscribed and posted with the same email address as I am
subscribed as). Perhaps someone could forward this email to the list for
me if it doesn't arrive by itself :-)
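
The difference described in this message between a version-flexible method and a version-pinned one, as an added example that is not part of the original email and is not OpenSSL code. It is a simplified model of version negotiation; the function names, the build without SSLv2/SSLv3 and the two server profiles are assumptions constructed for illustration.

```c
#include <stdio.h>

/* Constructed model, not OpenSSL code: protocol versions as bit positions. */
enum { V_SSL2, V_SSL3, V_TLS1_0, V_TLS1_1, V_TLS1_2, V_COUNT };
#define BIT(v) (1u << (v))
#define ALL_VERSIONS (BIT(V_COUNT) - 1u)
/* Hypothetical library build and peers used in the scenarios below. */
#define NO_SSL_BUILD  (ALL_VERSIONS & ~(BIT(V_SSL2) | BIT(V_SSL3)))
#define MODERN_SERVER (BIT(V_TLS1_1) | BIT(V_TLS1_2))
#define LEGACY_SERVER (BIT(V_SSL3) | BIT(V_TLS1_0))

/* Version-flexible method (the SSLv23_client_method()/TLS_client_method()
 * behaviour): every version compiled into the library is offered. */
unsigned flexible_method(unsigned built_in) { return built_in & ALL_VERSIONS; }

/* Version-specific method (the TLSv1_client_method() behaviour): one version. */
unsigned fixed_method(unsigned built_in, int version)
{
    return built_in & BIT(version);
}

/* Highest version enabled on both sides, or -1 if there is none. */
int negotiate(unsigned client, unsigned server)
{
    unsigned common = client & server;
    for (int v = V_COUNT - 1; v >= 0; v--)
        if (common & BIT(v))
            return v;
    return -1;
}

const char *describe(int v)
{
    static const char *const names[V_COUNT] = {
        "SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2" };
    return v < 0 ? "no common version" : names[v];
}

int main(void)
{
    unsigned flex = flexible_method(NO_SSL_BUILD);
    unsigned pinned = fixed_method(NO_SSL_BUILD, V_TLS1_0);
    printf("flexible vs modern: %s\n", describe(negotiate(flex, MODERN_SERVER)));
    printf("pinned   vs modern: %s\n", describe(negotiate(pinned, MODERN_SERVER)));
    printf("flexible vs legacy: %s\n", describe(negotiate(flex, LEGACY_SERVER)));
    return 0;
}
```

In the model, the flexible client built without SSLv2/SSLv3 still reaches TLSv1.2 with the modern server, while the pinned client finds no common version with it.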


