1

I am working on a SSL client server application. I want to enable all protocols above TLSv1 so what i am doing is 

1)sslctx = SSL_CTX_new(SSLv23_method());
2)SSL_CTX_set_options(sslctx,SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1);
3)SSL_set_ssl_method(ssl,TLSv1_2_method());

The doubt that i have is will i also be able to connect using TLSv1_1 if i use TLSv1_2_method in SSL_set_ssl_method or will it only support TLSv1_2?

I want to support everything above TLSv1?

Thanks in advance.

singh
  • 439
  • 1
  • 4
  • 20
  • 1
    Also see [Setting up TLS1.2 connection which supports SNI](http://stackoverflow.com/a/24415607/608639). Though its tagged with iOS, it applies to nearly all OpenSSL. However, it only answers your "TLS 1.0 and above" question. Its doe snot answer your "purpose of SSL_set_ssl_method" question. – jww Jun 01 '16 at 18:12
  • Also, the TLSv1.1 client connection is easy enough to test: `openssl s_client -connect : -tls1_1 -servername `. The `-servername` ensures you are using SNI. See [`s_client` man page](http://www.openssl.org/docs/manmaster/apps/s_client.html) for details on the options. – jww Jun 02 '16 at 00:08

0 Answers0