[squid-dev] cope with OPENSSL_NO_SSL3 builds of (libre|open)ssl
Stuart Henderson
stu at spacehopper.org
Fri Sep 11 19:11:01 UTC 2015
On 2015-09-10, Amos Jeffries <squid3 at treenet.co.nz> wrote:
>
> Maybe - If I'm reading the OpenSSL docs right the SSLv3_method was
> producing a fixed specific method to negotiate SSLv3-only protocol. The
> TLS_method is negotiating any TLS version.
Exactly.
> No - TLS_method() is *not* equivalent to TLSv1_2_method(). It is
> equivalent to SSLv23_method() / SSLv23_server_method(). All of those may
> or may not produce TLSv1_2_method() as their output depending on the
> config settings.
Yes, in libressl SSLv23_*method is the same as TLS_method, whereas the
TLSv1_x_method() refer to only one specific version (same as SSLv2_method
and SSLv3_method).
More information about the squid-dev
mailing list