That has an unexpected side effect. Selecting TLS 1.0 explictly will make openssl only accept that and nothing else. Ie would reject TLS 1.1 or any other newer version. Contrary to what the name suggests SSLv23_client_method does support TLS, any version. It automatically accepts the best version available. So to force TLS only use SSLv23_client_method() and disable SSLv2 and SSLv3 :-) That's exactly what the proposed apache config SSLProtocol all -SSLv2 -SSLv3 internally does too.
cu Ludwig
Holy crap !! It doesnt get more tricky than SSL it seems :-D and yes, of course you are right, it is documented that way. damn =) So flags SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3 might used or not in the case if SSLv3 and V2 are disabled in the server openSSL has no choice but TLS..I get it now.. Cheers. -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org