Quick question, modifying context options on an openssl server (disabling SSLv2 and SSLv3, enabling TLSv1 (for compatibility for now), TLSv1.1 and TLSv1.2) and I had a question about which version is chosen in practice in a TLS connection. I've read that in general the client proposes the highest version it supports and the server chooses a compatible version or rejects if there isn't one. Rfc5246 basically says that the server will choose the highest version but I wanted to confirm that that's what openssl does (just to be certain). e.g. if the client proposes TLSv1.2 and the server supports TLSv1.2, will the server *ever* select TLSv1.1? thanks . N Nou Dadoun Senior Firmware Developer, Security Specialist Office: 604.629.5182 ext 2632 Support: 888.281.5182 ?|? avigilon.com Follow?Twitter ?|? Follow?LinkedIn
