tls: refreshed the README

Daniel-Constantin Mierla authored on 03/11/2013 12:15:31
Showing 1 changed files
... ...
@@ -4,7 +4,7 @@ Andrei Pelinescu-Onciul
4 4
 
5 5
    iptelorg GmbH
6 6
 
7
-   Copyright (c) 2007 iptelorg GmbH
7
+   Copyright � 2007 iptelorg GmbH
8 8
      __________________________________________________________________
9 9
 
10 10
    Table of Contents
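Review bot: the added copyright line, as rendered here, carries an undecodable character where the symbol should be ("Copyright � 2007 iptelorg GmbH"), which suggests the regenerated README was written in a different encoding from the one it is read in. Either keep the ASCII "(c)" from the removed line or regenerate the file so the symbol is emitted in the encoding the repository uses for its other text files.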
... ...
@@ -486,17 +486,22 @@ Revoking a certificate and using a CRL
486 486
 9.1. tls_method (string)
487 487
 
488 488
    Sets the SSL/TLS protocol method. Possible values are:
489
+     * TLSv1.1 - only TLSv1.2 connections are accepted (available starting
490
+       with openssl/libssl v1.0.1e)
491
+     * TLSv1.1 - only TLSv1.1 connections are accepted (available starting
492
+       with openssl/libssl v1.0.0)
489 493
      * TLSv1 - only TLSv1 connections are accepted. This is the default
490
-       and recommended method (if you want to be rfc3261 conformant don't
491
-       change it).
494
+       value.
492 495
      * SSLv3 - only SSLv3 connections are accepted
493 496
      * SSLv2 - only SSLv2 connections, for old clients. Note: you
494 497
        shouldn't use SSLv2 for anything which should be highly secure.
495
-     * SSLv23 - any of the above methods will be accepted, with the
496
-       following limitation: the initial SSL hello message must be V2 (in
497
-       the initial hello all the supported protocols are advertised
498
-       enabling switching to a higher and more secure version). This means
499
-       connections from SSLv3 or TLSv1 clients will not be accepted.
498
+       Newer versions of libssl don't include support for it anymore.
499
+     * SSLv23 - any of the SSLv2, SSLv3 and TLSv1 methods will be
500
+       accepted, with the following limitation: the initial SSL hello
501
+       message must be V2 (in the initial hello all the supported
502
+       protocols are advertised enabling switching to a higher and more
503
+       secure version). This means connections from SSLv3 or TLSv1 clients
504
+       will be accepted.
500 505
 
501 506
    If rfc3261 conformance is desired, TLSv1 must be used. For
502 507
    compatibility with older clients SSLv23 is a good option.
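Review bot: the first added bullet under tls_method is labelled "TLSv1.1" but its text says "only TLSv1.2 connections are accepted", so the list now has two TLSv1.1 entries and no TLSv1.2 entry; the label should read TLSv1.2, otherwise an operator cannot tell which value selects the newest protocol. In the rewritten SSLv23 bullet, the sentence still opens "with the following limitation" yet now ends "will be accepted" where the removed text said "will not be accepted"; if those clients are in fact accepted, reword or drop the limitation clause so it no longer reads as a restriction. That bullet also names only SSLv2, SSLv3 and TLSv1, so it should state whether the newly documented TLSv1.1 and TLSv1.2 values are negotiated under SSLv23 as well.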