Following a really outdated tutorial, I managed to create an HTTPS server using OpenSSL with TLS 1.2, and I'm very proud of that ;)
However, TLS 1.2 is only supported in the latest browsers, and I would like to have some kind of protocol negotiation between the client and server. I'm sure it can be done, but I cannot find a way! That is: if the client only supports TLS 1.0, use it; and if it only supports SSLv3, use that. Not sure about SSLv2, maybe it is better to leave that out...
The code I'm using right now:
SSL_library_init();                    /* OpenSSL < 1.1.0 initialisation (no-op on 1.1.0+) */
OpenSSL_add_all_algorithms();
SSL_load_error_strings();
ssl_method = TLSv1_2_server_method();  /* fixed-version method: this context accepts TLS 1.2 only */
ssl_ctx = SSL_CTX_new(ssl_method);
Then the server certificates are loaded, and ssl_ctx is used for all connections. When a client is accepted on the server socket, it is wrapped in an SSL object (whatever that represents):
ssl = SSL_new(ssl_ctx);           /* per-connection state, inherits the context's protocol settings */
SSL_set_fd(ssl, client_socket);
SSL_accept(ssl);                  /* server-side handshake */
So, I think something needs to be changed when creating ssl_ctx to allow more methods... Any idea?
<rant>There is no decent, extensive documentation for OpenSSL; the best textbook available is 10 years old!</rant>
Thanks in advance.
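As an added example that is not part of the question (and not the asker's code), here is the negotiation set-up in Python's ssl module, which is a thin wrapper over the same OpenSSL calls: `ssl.PROTOCOL_TLS_SERVER` is the version-flexible method (`TLS_server_method()` in OpenSSL 1.1.0+, `SSLv23_server_method()` before that, despite its name), and `minimum_version` corresponds to `SSL_CTX_set_min_proto_version()`; on older OpenSSL the equivalent is `SSLv23_server_method()` plus `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3)`. The two sides handshake through in-memory BIOs so it runs offline with no sockets. The anonymous cipher string at security level 0 is an assumption of this example, there only so the demo needs no certificate; it is not something to deploy.

```python
import ssl

# Constructed demo: a server context that negotiates within a version range,
# and two simulated clients, one modern and one that tops out at TLS 1.1.


def make_server_context(minimum=ssl.TLSVersion.TLSv1_2):
    """Version-flexible server context (Python's face of TLS_server_method())."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # Floor the negotiable range instead of pinning a single version; this is
    # what SSL_CTX_set_min_proto_version() does in the C API.
    ctx.minimum_version = minimum
    # DEMO ONLY (assumption of this example): anonymous ECDH at security level 0
    # lets the handshake complete without a certificate. Never ship this.
    ctx.set_ciphers("aNULL:@SECLEVEL=0")
    return ctx


def make_client_context(maximum):
    """A client whose newest supported version is `maximum` (an old browser)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # no certificate in this demo, nothing to verify
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.maximum_version = maximum
    ctx.set_ciphers("aNULL:@SECLEVEL=0")  # DEMO ONLY, see above
    return ctx


def negotiate(server_ctx, client_ctx, max_rounds=10):
    """Drive a complete handshake between the two contexts through memory BIOs.

    Returns the negotiated protocol version string (e.g. "TLSv1.2").
    Raises ssl.SSLError when the two sides share no acceptable version.
    """
    c_in, c_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    s_in, s_out = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = client_ctx.wrap_bio(c_in, c_out, server_side=False)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    client_done = server_done = False

    def step(obj):
        try:
            obj.do_handshake()
            return True
        except ssl.SSLWantReadError:    # waiting for the peer's next flight
            return False

    for _ in range(max_rounds):
        if not client_done:
            client_done = step(client)
        flight = c_out.read()           # client -> server records
        if flight:
            s_in.write(flight)
        if not server_done:
            server_done = step(server)  # raises SSLError on a version mismatch
        flight = s_out.read()           # server -> client records
        if flight:
            c_in.write(flight)
        if client_done and server_done:
            return client.version()
    raise RuntimeError("handshake did not finish within max_rounds")


def negotiation_result(server_ctx, client_ctx):
    """Negotiated version string on success, None when the handshake is rejected."""
    try:
        return negotiate(server_ctx, client_ctx)
    except ssl.SSLError:
        return None


def run_demo():
    """Same flexible server against a TLS 1.2 client and a TLS 1.1-only client."""
    server = make_server_context()
    return {v.name: negotiation_result(server, make_client_context(v))
            for v in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_1)}


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(f"client max {name}: {result or 'rejected'}")
```

The server context here accepts anything from TLS 1.2 up to whatever the OpenSSL build supports, and the first client lands on TLS 1.2 because that is the highest version both sides allow; the second client is refused because its maximum is below the server's floor. Lowering `minimum_version` to `ssl.TLSVersion.TLSv1` (C: `SSL_CTX_set_min_proto_version(ssl_ctx, TLS1_VERSION)`) would admit a TLS 1.0-only client, provided the OpenSSL build and its security level still permit TLS 1.0; SSLv3 and SSLv2 should stay disabled. TLS 1.3 is not exercised because it always needs a server certificate.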