Boost :

From: JH (jupiter.hce_at_[hidden])
Date: 2019-10-15 10:12:15


Thanks Andrey. Changing to use TLS did the trick.

On 10/14/19, Andrey Semashev via Boost <boost_at_[hidden]> wrote:
> I think your question is more about OpenSSL rather than Boost.ASIO. The
> function names for the TLS connection methods are misleading (for
> historical reasons).
>
> Both SSLv2 and SSLv3 are long outdated and insecure and are actually
> removed from the recent OpenSSL versions. What SSLv23_method does is
> actually negotiate the TLS version between the server and the client,
> and the result will most certainly not be SSLv2 or SSLv3. In OpenSSL
> 1.1.0, IIRC, SSLv23_method was renamed to TLS_method, and SSLv23_method
> was left as an alias.
>
> SSLv3_method, as well as other <something_specific>_method functions,
> instruct OpenSSL to use this specific protocol version only. Since SSLv3
> is removed, I imagine using it would give you the result you're seeing.
>
> In general, unless you have a serious reason to, you should not use
> specific versions of TLS protocols since this will prevent your
> application from using more secure protocol versions as they are
> released. I would recommend using TLS_method (and its client/server
> variants) to allow protocol version negotiation and use
> SSL_CTX_set_min/max_proto_version to control the negotiated protocol
> versions, if needed. I'm not sure how that maps onto Boost.ASIO API.
>
> https://www.openssl.org/docs/manmaster/man3/SSL_CTX_new.html

You're right, changing to use TLS did the trick.

Thanks Andrey.

- jh
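
Added example, not part of the thread and not OpenSSL or Boost code: Python's ssl module drives the same OpenSSL library, so this builds a negotiating client context, applies a minimum and maximum protocol version as recommended in the quoted reply, and parses the resulting ClientHello to show which versions are actually offered. The host name example.test and the helper names are assumptions made for the illustration.

```python
import ssl
import struct

NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
         0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def client_hello(min_v, max_v):
    """Return the first flight (ClientHello record) of a negotiating client."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # OpenSSL TLS_client_method
    ctx.minimum_version = min_v   # SSL_CTX_set_min_proto_version
    ctx.maximum_version = max_v   # SSL_CTX_set_max_proto_version
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # "example.test" is a placeholder host name (assumption); nothing is sent.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: no peer attached, only the ClientHello is produced
    return outgoing.read()

def offered_versions(record):
    """Parse a ClientHello record and return the protocol versions it offers."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 5 + 4                                          # record + handshake headers
    (legacy,) = struct.unpack_from("!H", record, pos)
    pos += 2 + 32                                        # legacy_version, random
    pos += 1 + record[pos]                               # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
    pos += 1 + record[pos]                               # compression_methods
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos < end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        pos += 4
        if ext_type == 43:                               # supported_versions
            count = record[pos] // 2                     # list length is in bytes
            return list(struct.unpack_from("!%dH" % count, record, pos + 1))
        pos += ext_len
    return [legacy]  # pre-TLS 1.3 hello: legacy_version is the highest offered

def describe(min_v, max_v):
    hello = client_hello(min_v, max_v)
    return [NAMES.get(v, hex(v)) for v in offered_versions(hello)]

if __name__ == "__main__":
    V = ssl.TLSVersion
    print(describe(V.TLSv1_2, V.TLSv1_3))   # negotiate within a floor and ceiling
    print(describe(V.TLSv1_2, V.TLSv1_2))   # pinned to one version
```

Raising only the minimum keeps the ceiling open, so a build of OpenSSL that adds a newer protocol version can offer it without a code change.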

