|
From: | Gisle Vanem |
Subject: | Re: [Lynx-dev] [openssl-dev] On SSLv23_method() drop and TLS_method() introduction |
Date: | Tue, 19 May 2015 18:33:19 +0200 |
User-agent: | Mozilla/5.0 (Windows NT 6.3; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0 SeaMonkey/2.33.1 |
Matt Caswell wrote:
I just posted the following to lynx-dev:
I didn't get that post.
The OP suggested this: +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + ssl_ctx = SSL_CTX_new(TLSv1_client_method()); +#else ssl_ctx = SSL_CTX_new(SSLv23_client_method()); +#endif This is not quite correct either. TLSv1_client_method() will force TLS1.0 only. This is the correct approach: +#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) + ssl_ctx = SSL_CTX_new(TLS_client_method()); +#else ssl_ctx = SSL_CTX_new(SSLv23_client_method()); +#endif
Okay, this was better. The command: lynx https://www.ssllabs.com/ssltest/viewMyClient.html now gives: Protocol Features Protocols TLS 1.2 Yes TLS 1.1 Yes* TLS 1.0 Yes* SSL 3 Yes* SSL 2 No -- --gv
[Prev in Thread] | Current Thread | [Next in Thread] |