[PATCH] Enable mandatory use of TLS 1.1/1.2

I noticed that when I specified just PJ_SSL_SOCK_PROTO_TLS1_1 or
PJ_SSL_SOCK_PROTO_TLS1_2 as the protocol of an SSL socket, I got an
OpenSSL failure (function ssl23_get_server_hello, reason
SSL_R_UNSUPPORTED_PROTOCOL). I'm not sure why SSLv23_method with
SSL_CTX_set_options doesn't work in this case, but I could make it work
by using TLSv1_1_method and TLSv1_2_method when only TLS 1.1 or 1.2 is
specified (see the attached patch).
-------------- next part --------------
Index: pjlib/src/pj/ssl_sock_ossl.c
===================================================================
--- pjlib/src/pj/ssl_sock_ossl.c	(revision 3702)
+++ pjlib/src/pj/ssl_sock_ossl.c	(working copy)
@@ -526,6 +526,12 @@
     case PJ_SSL_SOCK_PROTO_TLS1:
 	ssl_method = (SSL_METHOD*)TLSv1_method();
 	break;
+    case PJ_SSL_SOCK_PROTO_TLS1_1:
+	ssl_method = (SSL_METHOD*)TLSv1_1_method();
+	break;
+    case PJ_SSL_SOCK_PROTO_TLS1_2:
+	ssl_method = (SSL_METHOD*)TLSv1_2_method();
+	break;
 #ifndef OPENSSL_NO_SSL2
     case PJ_SSL_SOCK_PROTO_SSL2:
 	ssl_method = (SSL_METHOD*)SSLv2_method();
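
Review bot: The two added cases call TLSv1_1_method() and TLSv1_2_method() with no build guard, unlike the SSLv2 case directly below them, which sits behind `#ifndef OPENSSL_NO_SSL2`. Those two functions first appeared in OpenSSL 1.0.1, so this file would stop compiling against older OpenSSL headers; wrapping both cases in a version check such as `#if OPENSSL_VERSION_NUMBER >= 0x10001000L` would keep older builds working. A fixed-version method also negotiates exactly that one version, and these case labels match a single protocol value only, so a comment stating that a request combining TLS 1.1 and 1.2 is not covered by these cases would help the next reader.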

