Le 08/12/2015 18:16, Jakob Bohm a ?crit : > On 07/12/2015 11:52, zosrothko wrote: >> Hi Jacob >> I saw that in ssl.h, the 'NO' particule means no support of as for >> example >> /* Don't use RFC4507 ticket extension */ >> # define SSL_OP_NO_TICKET 0x00004000L >> >> What does mean the 'NO' in SSL_OP_NO_TLSv1_1? Should not be the test >> reversed as below? >> > > The define is for a flag that can be passed to some other SSL functions > to turn off the TLSv1_1 support during a single execution, hence the > "NO" in its name. > > Because those flags are only defined in OpenSSL versions that include > the thing to turn off (at least if not disabled when compiling OpenSSL > itself), I suggested using the very existence of the flag definition > as a way to determine if the thing is included in the OpenSSL version > where the copy of "ssl.h" was taken from. Thanks for your explanation which makes your proposal clearer for any newcomer of OpenSSL >
