Examples of client/server negotiation

When the system is used as a client and TLSv1 is selected:

  • If the remote server has TLSv1 support, then the handshake result is TLSv1.
  • If the remote server does not support TLS, then an error is returned and the connection attempt fails. Handshake failure messages are reported to the engine log.

When the system is used as a client and All is selected, the result depends on the remote server. If the server has TLSv1 support, the handshake result is TLSv1. Otherwise, depending on its priorities, the server may choose SSLv2 or SSLv3 as the result.

Standard/version selection priorities are determined by the server; TLSv1 has the highest priority. This operation succeeds unless the server does not support any of the requested standards/versions.

When the system is used as a server and SSLv3 is selected, and the remote client places an initial connection request with SSLv3 or All, the handshake result is SSLv3. All other request types fail and an error is returned.

When the system is used as a server and All is selected:

Any client-selected standard is used because All means "accept all standards." If the client side is also All, then the default standard is used. The default depends on the client-side application. For example, OpenSSL sets SSLv2 as the default. An application using GnuTLS sets SSLv3 as the default.
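
The rules above can be checked against a given pair of settings with a small model. This is an added example, not the product's own code and not a TLS implementation; the function names, the `server_priority` list and the `client_default` parameter are assumptions made for illustration.

```python
"""Model of the negotiation rules described on this page (not a TLS stack)."""

VERSIONS = ("SSLv2", "SSLv3", "TLSv1")


class HandshakeFailure(Exception):
    """Raised where the page says the connection attempt fails."""


def _offer(selected):
    # "All" offers every standard; any other setting offers exactly one.
    if selected == "All":
        return set(VERSIONS)
    if selected not in VERSIONS:
        raise ValueError(f"unknown setting: {selected!r}")
    return {selected}


def negotiate_as_client(selected, server_priority):
    """System is the client. server_priority (hypothetical parameter) lists
    the remote server's supported versions, highest priority first, because
    the page says the server determines the selection priority."""
    offer = _offer(selected)
    for version in server_priority:
        if version in offer:
            return version
    raise HandshakeFailure(f"server supports none of {sorted(offer)}")


def negotiate_as_server(selected, client_request, client_default="SSLv3"):
    """System is the server. client_default (hypothetical parameter) is the
    version the client application uses when both sides are set to All."""
    requested = _offer(client_request)
    if selected != "All":
        # Assumption: the page states this rule for SSLv3 only; the model
        # applies it to any single selected version.
        if selected in requested:
            return selected
        raise HandshakeFailure(
            f"client requested {client_request}, server requires {selected}")
    if client_request == "All":
        return client_default
    return client_request
```

Passing `client_default="SSLv2"` models the OpenSSL client described above, and the `SSLv3` default models a GnuTLS application.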