Andrei Pelinescu-Onciul writes:
The problem with SSLv23 is that it should use SSLv23 only when it acts as server (if it uses SSLv23 when it acts as client, a TLSv1-only server will not allow it to connect). Moreover, if you use SSLv23 you might end up accepting an SSLv2 client. Theoretically we could work around this in the code by setting SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 (probably only for the server part, the client would still have to support only TLSv1), but I never tested it.
After I changed sr tls_method to SSLv23, sip-communicator was able to establish a TLS connection, and Wireshark showed that negotiation resulted in TLSv1 even when the initial client hello was SSLv2.
So it looks to me that it makes sense to have a new mode that only allows TLSv1, but accepts either a TLSv1 or an SSLv2 initial client hello. I'll add a tracker entry about it.
-- juha