Supporting both TLSv1 and SSLv3

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Supporting both TLSv1 and SSLv3

david kine
Hello,

How should I program my client application to support
both TSLv1 and SSLv3?

According to RFC2246 appendix E, the client sends a
single SSLv3 record format HELLO message with the
version field set to {3, 1}.

Is this possible with OpenSSL?

If not, do I connect with the TLSv1_client_method()
first, and if that fails then try
SSLv3_client_method()?  Can these be done over the
same socket connection or will the server disconnect
if TLSv1 is not supported?

Thanks,

-David


               
__________________________________
Yahoo! Mail Mobile
Take Yahoo! Mail with you! Check email on your mobile phone.
http://mobile.yahoo.com/learn/mail 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Supporting both TLSv1 and SSLv3

Cesc Santa
Why don't you try SSLv23_client_method()?
You can also use the set_options (for the SSL structure or the
SSL_CTX) to prohibit the use of SSLv2. This way, you got an SSLv3 and
TLSv1 client.

Cesc

On 6/29/05, david kine <[hidden email]> wrote:

> Hello,
>
> How should I program my client application to support
> both TSLv1 and SSLv3?
>
> According to RFC2246 appendix E, the client sends a
> single SSLv3 record format HELLO message with the
> version field set to {3, 1}.
>
> Is this possible with OpenSSL?
>
> If not, do I connect with the TLSv1_client_method()
> first, and if that fails then try
> SSLv3_client_method()?  Can these be done over the
> same socket connection or will the server disconnect
> if TLSv1 is not supported?
>
> Thanks,
>
> -David
>
>
>
> __________________________________
> Yahoo! Mail Mobile
> Take Yahoo! Mail with you! Check email on your mobile phone.
> http://mobile.yahoo.com/learn/mail
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    [hidden email]
> Automated List Manager                           [hidden email]
>
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Supporting both TLSv1 and SSLv3

david kine
Thanks for the reply, don't know how I missed that
one, perhaps the name SSLv23 is confusing because it
doesn't contain TLS.

-David

--- Cesc <[hidden email]> wrote:

> Why don't you try SSLv23_client_method()?
> You can also use the set_options (for the SSL
> structure or the
> SSL_CTX) to prohibit the use of SSLv2. This way, you
> got an SSLv3 and
> TLSv1 client.
>
> Cesc
>
> On 6/29/05, david kine <[hidden email]>
> wrote:
> > Hello,
> >
> > How should I program my client application to
> support
> > both TSLv1 and SSLv3?
> >
> > According to RFC2246 appendix E, the client sends
> a
> > single SSLv3 record format HELLO message with the
> > version field set to {3, 1}.
> >
> > Is this possible with OpenSSL?
> >
> > If not, do I connect with the
> TLSv1_client_method()
> > first, and if that fails then try
> > SSLv3_client_method()?  Can these be done over the
> > same socket connection or will the server
> disconnect
> > if TLSv1 is not supported?
> >
> > Thanks,
> >
> > -David
> >
> >
> >
> > __________________________________
> > Yahoo! Mail Mobile
> > Take Yahoo! Mail with you! Check email on your
> mobile phone.
> > http://mobile.yahoo.com/learn/mail
> >
>
______________________________________________________________________
> > OpenSSL Project                                
> http://www.openssl.org
> > User Support Mailing List                  
> [hidden email]
> > Automated List Manager                          
> [hidden email]
> >
>
______________________________________________________________________
> OpenSSL Project                                
> http://www.openssl.org
> User Support Mailing List                  
> [hidden email]
> Automated List Manager                          
> [hidden email]
>



               
__________________________________
Yahoo! Mail Mobile
Take Yahoo! Mail with you! Check email on your mobile phone.
http://mobile.yahoo.com/learn/mail 
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]