On Wed, Feb 10, 2016 at 09:03:35PM -0500, Jeffrey Walton wrote: > As far as I know, there are no constants for TLS 1.0 and 1.1, so we > can't extend this in clients: > > const SSL_METHOD* method = SSLv23_method(); > ctx = SSL_CTX_new(method); > ... > > const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | > SSL_OP_NO_COMPRESSION; > SSL_CTX_set_options(ctx, flags); The constant for TLS 1.0, 1.1 and 1.2 exist too. But I don't think they're all documented in the 1.0.2 branch. # define SSL_OP_NO_SSLv2 0x01000000L # define SSL_OP_NO_SSLv3 0x02000000L # define SSL_OP_NO_TLSv1 0x04000000L # define SSL_OP_NO_TLSv1_2 0x08000000L # define SSL_OP_NO_TLSv1_1 0x10000000L Kurt
