
On 2019-10-14 02:09, JH via Boost wrote:
> Hi,
> Any tips what I could be missing for the error of "Handshake failed: no protocols available"?
> Using sslv23 in both server and client was fine, but when I changed it to use either sslv3, sslv3_client / sslv3_server, it gets that error "Handshake failed: no protocols available".

I think your question is more about OpenSSL rather than Boost.ASIO.

The function names for the TLS connection methods are misleading (for historical reasons). Both SSLv2 and SSLv3 are long outdated and insecure and are actually removed from the recent OpenSSL versions. What SSLv23_method does is actually negotiate the TLS version between the server and the client, and the result will most certainly not be SSLv2 or SSLv3. In OpenSSL 1.1.0, IIRC, SSLv23_method was renamed to TLS_method, and SSLv23_method was left as an alias.

SSLv3_method, as well as other <something_specific>_method functions, instruct OpenSSL to use this specific protocol version only. Since SSLv3 is removed, I imagine using it would give you the result you're seeing.

In general, unless you have a serious reason to, you should not use specific versions of TLS protocols since this will prevent your application from using more secure protocol versions as they are released. I would recommend using TLS_method (and its client/server variants) to allow protocol version negotiation and use SSL_CTX_set_min/max_proto_version to control the negotiated protocol versions, if needed. I'm not sure how that maps onto Boost.ASIO API.

https://www.openssl.org/docs/manmaster/man3/SSL_CTX_new.html