On 09.11.2014 at 00:54, Julian Gilbey wrote:
> On Fri, Nov 07, 2014 at 10:58:22PM +0100, Peter Meiser wrote:
>> Hi Julian,
>>
>> looking at your solution for bug #767301, you use TLSv1_client_method()
>> instead of SSLv3_client_method.
>>
>> Why did you use this method instead of SSLv23_client_method()? Because with
>> SSLv23_client_method, a TLS/SSL connection established with this method may
>> understand the SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols and is not
>> limited to TLSv1.
>>
>> Just my thoughts.
>> Best regards,
>> Peter
>
> Hi Peter,
>
> You are right, I could have used SSLv23_client_method, and that would
> look nicer. However, AFAICT it would make no difference, as openssl
> is now configured with no-ssl2 no-ssl3, so SSLv23_client_method will
> only use TLSv1 anyway.
>
> Or am I wrong on this?
>
> Julian
>

Hi Julian,
you "forbid"/exclude the usage of TLS 1.1 and TLS 1.2 if you use TLSv1_client_method. This is not the case if you use SSLv23_client_method as all TLS versions are included and can be negotiated.

Best regards,
Peter
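
Added example, not part of the original thread or of the package under discussion: a simplified C model of pre-TLS-1.3 version selection, showing what a fixed-version client method and a negotiating one end up with against different servers. It is not OpenSSL code; the enum, function names and server profiles are constructed for illustration, and each side is assumed to enable a contiguous range of versions.

```c
#include <stdio.h>

/* Simplified model of protocol version selection; all names are hypothetical. */
enum ver { SSL2, SSL3, TLS1_0, TLS1_1, TLS1_2, NVER };
#define BIT(v) (1u << (v))

/* Models a fixed-version method such as TLSv1_client_method():
   exactly one protocol version is offered. */
static unsigned fixed_tls1(void) { return BIT(TLS1_0); }

/* Models SSLv23_client_method() on a library built with no-ssl2 no-ssl3:
   every version is offered except the two that were compiled out. */
static unsigned flexible_no_ssl(void) {
    unsigned all = BIT(NVER) - 1;
    return all & ~(BIT(SSL2) | BIT(SSL3));
}

/* Highest version enabled on both sides, or -1 when there is no overlap
   (the handshake fails with a protocol version error). */
static int negotiate(unsigned client, unsigned server) {
    unsigned common = client & server;
    for (int v = NVER - 1; v >= 0; v--)
        if (common & BIT(v)) return v;
    return -1;
}

static const char *ver_name(int v) {
    static const char *n[] = { "SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };
    return v < 0 ? "handshake failure" : n[v];
}

int main(void) {
    /* Constructed server profiles */
    struct { const char *label; unsigned mask; } srv[] = {
        { "legacy  (SSLv3..TLSv1)",   BIT(SSL3) | BIT(TLS1_0) },
        { "typical (TLSv1..TLSv1.2)", BIT(TLS1_0) | BIT(TLS1_1) | BIT(TLS1_2) },
        { "strict  (TLSv1.2 only)",   BIT(TLS1_2) },
    };
    for (unsigned i = 0; i < sizeof srv / sizeof srv[0]; i++)
        printf("%-26s fixed TLSv1: %-18s negotiating: %s\n", srv[i].label,
               ver_name(negotiate(fixed_tls1(), srv[i].mask)),
               ver_name(negotiate(flexible_no_ssl(), srv[i].mask)));
    return 0;
}
```
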