Desert Ice
Reputation: 4620
SSLv23 does not allow sslv3 clients to connect
I am trying to create a https server that uses the ssl context. Everything works out fine for this code for TLS clients
ssl_ctx = SSL_CTX_new(SSLv23_server_method());
long options = SSL_OP_ALL |SSL_OP_NO_SSLv2 |SSL_OP_NO_SSLv3;
This effectively disables sslv2 and sslv3 and enables certain bug fixes.
I want to keep the disabling sslv3 part optional. But removing of SSL_OP_NO_SSLv3 still does not make sslv3 work.
ssl_ctx = SSL_CTX_new(SSLv23_server_method());
long options = SSL_OP_ALL |SSL_OP_NO_SSLv2 ; // SSLV3 still does not work
I use curl as the client:
curl -vk --sslv3 "https://IP/hello_world"
* Server aborted the SSL handshake
* Closing connection 0
For non sslv3 everything works fine.
Upvotes: 1
Views: 1806
Answers (1)
Desert Ice
Reputation: 4620
The problem was in the configure section of the library. It was compiled with no ssl2 or ssl3 as below
no-ssl2 no-ssl3
Hence sslv3 did not work with sslv23.
Upvotes: 1
Related Questions
- curl --tlsv1.3, OpenSSL was built without TLS 1.3 support
- Curl error: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure111
- Solving sslv3 alert handshake failure when trying to use a client certificate
- curl by default should use tls1.2 not tls1.3
- How do I make php's curl accept SSLv3?
- Php cURL error:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
- OpenSSL connection error SSL23_GET_SERVER_HELLO, but browser and curl works
- Openssl SSL_CTX_new(SSLv3_method()) returns NULL
- cURL displays SSLv3 instead of TLSv1
- curl: Unknown SSL protocol error in connection