Examples of client/server negotiation
When the system is used as a client when
is selected:
- If the remote server has TLSv1 support, then the handshake result is TLSv1.
- If the remote server does not have TLS, then an error is returned and the connection attempt fails. Handshake failure messages are reported to the engine log.
When the system is used as a client, and
is selected, if the remote server has TLSv1 support, the handshake result is TLSv1. Otherwise, depending on priorities, the server may choose SSLv2 or SSLv3 as the result.
Standard/version selection priorities are determined by the server; TLSv1 has the highest priority. This operation succeeds unless the server does not support any of the requested standards/versions.
When the system is used as a server and
is selected and the remote client places an initial connection request with SSLv3 or All, the handshake result is SSLv3. All other request types fail, and an error is returned.
The system is used as a server when
is selected. Any client-selected standard is used because
means "accept all standards." If the client side is also , then the default standard is used. The default depends on the client-side application. For example, OpenSSL sets SSLv2 as the default. An application using GnuTLS sets SSLv3 as the default.
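
The sketch below is an added example, not the product's own code. It models the first three cases above (a client restricted to TLSv1, a client accepting every version, and a server restricted to SSLv3) and flags peers for which a setting ends on SSLv2 or SSLv3. The setting labels, the priority order below TLSv1 and the sample peers are assumptions; the case where both sides accept everything and the client application's default decides is not modelled.

```python
# Added illustration: a model of the negotiation rules described above,
# not the product's implementation. Setting labels are assumed names.
DEPRECATED = {"SSLv2", "SSLv3"}  # prohibited by RFC 6176 / deprecated by RFC 7568

# Assumed mapping from a configured setting to the versions it enables.
SETTINGS = {
    "TLSv1": {"TLSv1"},
    "SSLv3": {"SSLv3"},
    "SSLv2": {"SSLv2"},
    "All": {"SSLv2", "SSLv3", "TLSv1"},
}

class HandshakeFailure(Exception):
    """No version is enabled on both sides."""

def negotiate(client_setting, server_versions,
              server_priority=("TLSv1", "SSLv3", "SSLv2")):
    """Return the version the server picks for this client setting.

    server_versions: versions the server has enabled.
    server_priority: the server's order, best first. TLSv1 first follows
    the text; the order of the remaining versions is an assumption.
    """
    offered = SETTINGS[client_setting]
    for version in server_priority:
        if version in offered and version in server_versions:
            return version
    raise HandshakeFailure(f"{client_setting!r} vs {sorted(server_versions)}")

def audit(client_setting, servers):
    """Map each peer to (result, is_deprecated); result is None on failure."""
    report = {}
    for name, versions in servers.items():
        try:
            result = negotiate(client_setting, versions)
        except HandshakeFailure:
            result = None  # connection refused rather than downgraded
        report[name] = (result, result in DEPRECATED)
    return report

# Constructed sample peers, not taken from any real deployment.
SAMPLE_SERVERS = {
    "modern": {"TLSv1"},
    "mixed": {"SSLv3", "TLSv1"},
    "legacy": {"SSLv2", "SSLv3"},
}

if __name__ == "__main__":
    for setting in ("TLSv1", "All"):
        print(setting, audit(setting, SAMPLE_SERVERS))
```

In this model, a peer that fails under the TLSv1-only setting but connects under the accept-everything setting is one that would be served over a deprecated protocol.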