TLS 1.1 and TLS 1.2 Support - use SSLv23_method() not TLSv1_method()

Alan DeKok aland at deployingradius.com
Sun Nov 16 10:12:37 EST 2014


Nick Lowe wrote:
> In struct tls_connection * tls_connection_init(void *ssl_ctx) { ... }, there is:
> 
> options = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_SINGLE_DH_USE;
> 
> When I was grepping away through the source, it was this that made me
> think it wasn't needed.

  Exactly.

  It's nice to see that multiple pieces of software are getting updated
at the same time.  It means that people are more likely to use the new
features, and to discover bugs in EAP supplicants. :(

  Alan DeKok.

