support for TLS v1.2
Added by W X almost 12 years ago
Hi,
Will TLS v1.2 be supported in WT? I think the BOOST library 1.54 added support for both TLS v1.1 and v1.2.
Will it be possible to start a web server that accepts SSL (v2, v3) and TLS (1.2) clients?
Thanks!
Replies (4)
RE: support for TLS v1.2 - Added by Wim Dumon almost 12 years ago
I'm looking at boost 1.54, Wt source and SSL documentation. We create our context with the sslv23 method parameter, which invokes ::SSL_CTX_new(::SSLv23_method()). Quoting OpenSSL documentation http://www.openssl.org/docs/ssl/SSL_CTX_new.html :
SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void)
A TLS/SSL connection established with these methods will understand the SSLv2,
SSLv3, and TLSv1 protocol. A client will send out SSLv2 client hello messages
and will indicate that it also understands SSLv3 and TLSv1. A server will
understand SSLv2, SSLv3, and TLSv1 client hello messages. This is the best
choice when compatibility is a concern.
Wthttpd never allows sslv2. Wthttpd offers the possibility to disable sslv3 through a command line option. There's no method to disable tlsv1.
Reading the current online documentation of OpenSSL, which does not yet mention tlsv1.2 explicitly, I would assume (but I can be wrong) that tlsv1.2 is supported by wthttpd if your OpenSSL version supports it.
If your findings conflict with my conclusion, please let me know. I have not tested this.
BR,
Wim.
RE: support for TLS v1.2 - Added by W X almost 12 years ago
We have tried to enable TLS v1.2 support from IE 10 and the communication with our WT server stopped working. It may also be that IE doesn't implement the TLS protocol completely.
Also Boost 1.54 just added support for TLS v1.1 & 1.2 contexts:
Asio:
* Various SSL enhancements. Thanks go to Nick Jones, on whose work these changes are based.
* Added support for creation of TLSv1.1 and TLSv1.2 ssl::context objects.
It seems that there is no option similar to sslv23 which accepts SSL and TLS v1 clients. Do you think that if sslv23 accepts TLS v1 clients it should work with TLS v1.1 & 1.2?
RE: support for TLS v1.2 - Added by Wim Dumon almost 12 years ago
That would be my assumption but I did not research this in detail. What version of OpenSSL are you using?
What boost 1.54 added is the ability to explicitly require a tlsv1.1 or a tlsv1.2 context.
BR,
Wim.
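Added example, not part of the thread and not Wt or Boost code: one way to check which protocol versions a version-flexible context offers on a given OpenSSL build, compared with a context pinned to TLS v1.2. It assumes Python's ssl module (a wrapper around the installed OpenSSL) as the test harness; the function names and the host name are made up for illustration, and no network traffic is sent.

```python
import ssl
import struct

NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
         0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def client_hello(ctx):
    """Return the first flight a client context emits, using in-memory BIOs only."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    # Constructed host name; nothing is resolved or contacted.
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname="wt.example.invalid")
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the ClientHello is queued, OpenSSL now waits for a server reply
    return outgoing.read()

def offered_versions(hello):
    """Parse a ClientHello record and return the protocol versions it offers."""
    if len(hello) < 44 or hello[0] != 0x16 or hello[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    legacy = struct.unpack_from("!H", hello, 9)[0]      # legacy client_version
    pos = 5 + 4 + 2 + 32                                # record hdr, handshake hdr, version, random
    pos += 1 + hello[pos]                               # session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]  # cipher_suites
    pos += 1 + hello[pos]                               # compression_methods
    if pos + 2 > len(hello):
        return [legacy]                                 # no extensions: legacy field is the maximum
    end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        pos += 4
        if ext_type == 43:                              # supported_versions
            count = hello[pos]
            return [struct.unpack_from("!H", hello, pos + 1 + i)[0] for i in range(0, count, 2)]
        pos += ext_len
    return [legacy]

def flexible_context():
    """Version-flexible client context (negotiates the highest common version)."""
    return ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

def tls12_only_context():
    """Client context that explicitly requires TLS v1.2."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    return ctx

if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for label, ctx in (("flexible", flexible_context()), ("tls1.2 only", tls12_only_context())):
        print(label, [NAMES.get(v, hex(v)) for v in offered_versions(client_hello(ctx))])
```

The list printed for the flexible context depends on the OpenSSL build and its configured minimum version, which is why the OpenSSL version is printed first.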