On 01/08/16 05:39, Prabhat Puroshottam wrote:
>
>> IIRC the behaviour is different in the forthcoming OpenSSL 1.1.0. In
>> that version the client does not fix its version to the session version.
>> The client remains version flexible - if the server does not wish to use
>> the same version as was in the session then they can still negotiate a
>> different one and the session simply does not get used.
>
> Thanks Matt, for that detailed and helpful reply.
>
> Is it at all possible to merge these changes being done in OpenSSL 1.1.0
> to older version of OpenSSL (as we build and ship our own version of
> OpenSSL)? Or is the nature of changes very complex in nature?

Unfortunately the version negotiation logic (which this change relies on)
has been completely rewritten for 1.1.0 so this would not be suitable
for backporting to 1.0.2.

Matt