s_client -no_tls1 option

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/01/2015 05:28 PM, Nounou Dadoun wrote:
> Getting an unexpected result, does the no_tls1 option for s_client mean "don't use tls1" (and everything else is ok) or does it mean "don't use tls1 or tls1.1 or tls1.2"?  I expected the former but I'm observing the latter!  (The man page doesn't go into that much detail.) ... N
>

The latter.

The TLS protocol only specifies a maximum version supported by the
client (and in practice there are some heuristics using the record
protocol version to indicate the minimum version supported), so the
client is essentially claiming just a contiguous range.  Once 1.0 is
removed, the higher versions are as well.  (I would have to check to see
how this interacts with no_ssl2 and no_ssl3.)

-Ben Kaduk


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux