The current version selection option for SSL lets the caller turn on a specific SSL/TLS version, but not disable one. Normally SSLv3 and TLSv1 would both be acceptable, but SSLv2 is never acceptable because of its holes, so it would be good to have the option to allow anything but that version.
(We've tested that disabling the SSLv2 ciphers doesn't actually disable use of SSLv2 itself.)
I checked the openssl s_client options, and it supports turning off a specific version, so apparently it can be done.