From: JH (jupiter.hce_at_[hidden])
Date: 2019-10-15 10:12:15
Thanks Andrey. change to use TLS did the trick.
On 10/14/19, Andrey Semashev via Boost <boost_at_[hidden]> wrote:
> I think your question is more about OpenSSL rather than Boost.ASIO. The
> function names for the TLS connection methods are misleading (for
> historical reasons).
> Both SSLv2 and SSLv3 are long outdated and insecure and are actually
> removed from the recent OpenSSL versions. What SSLv23_method does is
> actually negotiate the TLS version between the server and the client,
> and the result will most certainly not be SSLv2 or SSLv3. In OpenSSL
> 1.1.0, IIRC, SSLv23_method was renamed to TLS_method, and SSLv23_method
> was left as an alias.
> SSLv3_method, as well as other <something_specific>_method functions,
> instruct OpenSSL to use this specific protocol version only. Since SSLv3
> is removed, I imagine using it would give you the result you're seeing.
> In general, unless you have a serious reason to, you should not use
> specific versions of TLS protocols since this will prevent your
> application from using more secure protocol versions as they are
> released. I would recommend using TLS_method (and its client/server
> variants) to allow protocol version negotiation and use
> SSL_CTX_set_min/max_proto_version to control the negotiated protocol
> versions, if needed. I'm not sure how that maps onto Boost.ASIO API.
You're right, changing to use TLS did the trick.
Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk