000025177 - How does SSL_CTX_set_options or SSL_OP_ALL affect the application?

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000025177
Applies To: BSAFE/Micro Edition Suite, BSAFE/SSL-C
Issue: How does SSL_CTX_set_options, or SSL_OP_ALL, affect the application?
Resolution:

The effect each compatibility option has on the application depends on the peer. The options determine which SSL protocols are supported and which workarounds are enabled for quirks in some SSL packages. In most cases, setting SSL_OP_ALL resolves any compatibility issues safely.
The workarounds included in SSL_OP_ALL are listed below. Other workarounds may not be included, but they can be set by OR'ing (|) them with SSL_OP_ALL.

SSL_OP_DHANON_NULL_SIGNATURE_OK
SSL_OP_MS_SGC
SSL_OP_TLS_ROLLBACK_BUG
SSL_OP_TLS_BLOCK_PADDING_BUG
SSL_OP_TLS_D5_BUG
SSL_OP_SSLEAY_080_CLIENT_DH_BUG
SSL_OP_MSIE_SSLV2_RSA_PADDING
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
SSL_OP_NETSCAPE_CHALLENGE_BUG
SSL_OP_MICROSOFT_SESS_ID_BUG

Notes: Setting an SSL option does not affect the final code size.

Enabling any of these workarounds should be safe - no currently working connections should suffer.

Legacy Article ID: a37111
