From: Andrey Semashev (andrey.semashev_at_[hidden])
Date: 2019-10-14 07:50:42
On 2019-10-14 02:09, JH via Boost wrote:
> Hi,
>
> Any tips what I could be missing for the error of "Handshake failed:
> no protocols available"?
>
> Using sslv23 in both server and client was fine, but when I changed it
> to use either sslv3, sslv3_client / sslv3_server, it gets that error
> "Handshake failed: no protocols available".
I think your question is more about OpenSSL rather than Boost.ASIO. The
function names for the TLS connection methods are misleading (for
historical reasons).

Both SSLv2 and SSLv3 are long outdated and insecure and are actually
removed from the recent OpenSSL versions. What SSLv23_method does is
actually negotiate the TLS version between the server and the client,
and the result will most certainly not be SSLv2 or SSLv3. In OpenSSL
1.1.0, IIRC, SSLv23_method was renamed to TLS_method, and SSLv23_method
was left as an alias.

SSLv3_method, as well as other <something_specific>_method functions,
instruct OpenSSL to use this specific protocol version only. Since SSLv3
is removed, I imagine using it would give you the result you're seeing.

In general, unless you have a serious reason to, you should not use
specific versions of TLS protocols since this will prevent your
application from using more secure protocol versions as they are
released. I would recommend using TLS_method (and its client/server
variants) to allow protocol version negotiation and use
SSL_CTX_set_min/max_proto_version to control the negotiated protocol
versions, if needed. I'm not sure how that maps onto Boost.ASIO API.

https://www.openssl.org/docs/manmaster/man3/SSL_CTX_new.html
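
The configuration recommended above, as an added example that is not part of the original message and is not Boost.ASIO code: it drives OpenSSL through Python's ssl module, whose PROTOCOL_TLS_CLIENT context is the negotiating client method and whose minimum_version/maximum_version properties set the same bounds as SSL_CTX_set_min/max_proto_version. As an assumption of this example, an empty version window stands in for a pinned, removed protocol version, and the host name example.test is a placeholder.

```python
import ssl


def client_hello_result(minimum, maximum):
    """Start a client handshake in memory and report how far OpenSSL gets.

    Returns ("client_hello_sent", byte_count) when a ClientHello was produced,
    or ("failed", reason) when OpenSSL refused to start the handshake.
    """
    # Negotiating client method: the version is chosen during the handshake.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Bound the versions OpenSSL may offer (ceiling first, then floor).
    ctx.maximum_version = maximum
    ctx.minimum_version = minimum

    # Memory BIOs replace the socket, so no server or network is needed.
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        # ClientHello is in `outgoing`; OpenSSL now waits for the server.
        return ("client_hello_sent", outgoing.pending)
    except ssl.SSLError as exc:
        # exc.reason is OpenSSL's reason mnemonic for the failure.
        return ("failed", exc.reason)
    return ("completed", 0)  # not reachable without a peer


if __name__ == "__main__":
    T = ssl.TLSVersion
    # Recommended shape: negotiate, with a floor of TLS 1.2 and no ceiling.
    print(client_hello_result(T.TLSv1_2, T.MAXIMUM_SUPPORTED))
    # Constructed failure case: floor above ceiling leaves no version to
    # offer, so the handshake fails before anything is sent.
    print(client_hello_result(T.TLSv1_3, T.TLSv1_2))
```

The second call fails on the client alone, before any bytes leave the process, which is why the "no protocols available" error points at local configuration rather than at the peer.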
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk