On Tue, Sep 29, 2015 at 01:56:06PM +0000, Tiantian Liu via RT wrote: > Hi Matt & Vi > > I tried the SSLv23_method(), and precluded/excluded all SSLv2, SSLv3, TLSv1. I only enabled the TLSv1.2 by SSL_CTX_set_option(). > You can see my previous code: Why are you disabling TLSv1, there's little reason to do that at present. If the server supports TLS 1.2 you'll use that, otherwise you'll at least get TLS 1.0 > /*Only allow TLSv1.2 protocol*/ > SSL_CTX_set_options(ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1); I would not disable TLSv1 at this time, just SSLv2 and SSLv3. > While the above code didn't work. I couldn't reach the server. Though the SSL_connect() didn't crash, it returned as: > > 17:49:12.939 [5499]- SSL_connect res : -1 And did you print the error stack? Look at a PCAP trace with wireshark? Connect to the server with "openssl s_client" and examine the negotiated protocol parameters? > I will continue to investigate, and keep updating the ticket. I > will adopt your idea to see if I can obtain more information during > crash. This thread does not belong on openssl-dev, cross-posting and redirecting to openssl-users. -- Viktor.
