Opened 8 years ago
Last modified 6 years ago
#10690 new Bugs
Boost SSL protocols
| Reported by: | anonymous | Owned by: | chris_kohlhoff |
|---|---|---|---|
| Milestone: | To Be Determined | Component: | asio |
| Version: | Boost 1.54.0 | Severity: | Problem |
| Keywords: | Cc: |
Description
Hello,
I use Boost SSL socket. I want to disable the TLS security protocol so I use set_options like this:
m_context.set_options(ssl::context::no_tlsv1);
But it only disables TLSv1, not TLSv1.1 and TLSv1.2. I looked at the boost source code and I saw this :
BOOST_ASIO_STATIC_CONSTANT(long, no_tlsv1 = SSL_OP_NO_TLSv1);
Why SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 are not wrapped ?
Thx
Change History (4)
comment:1 by , 8 years ago
| Component: | None → asio |
|---|---|
| Owner: | set to |
comment:2 by , 7 years ago
comment:3 by , 7 years ago
I suggest to only support the SSLv23_* or TLS_* methods. In the current master branch the SSLv23_* are defines for the TLS_* method. SSLv23_* was a confusing name. It was the only method that supported multiple SSL/TLS versions. All the other methods only support the version of the name. All those other methods have been dropped in the master branch from the headers, you should not use them.
comment:4 by , 6 years ago
Replying to anonymous:
Hello,
I use Boost SSL socket. I want to disable the TLS security protocol so I use set_options like this:
m_context.set_options(ssl::context::no_tlsv1);
But it only disables TLSv1, not TLSv1.1 and TLSv1.2. I looked at the boost source code and I saw this :
BOOST_ASIO_STATIC_CONSTANT(long, no_tlsv1 = SSL_OP_NO_TLSv1);
Why SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 are not wrapped ?
Thx
Along similar lines.
SSLv2_method, SSLv2_server_method and SSLv2_client_method where removed in OpenSSL 1.1.0. SSLv23_method, SSLv23_server_method and SSLv23_client_method were deprecated and TLS_method, TLS_server_method and TLS_client_method were introduced in OpenSSL 1.1.0.