> I am confused. How can we switch back to SSLv23_method and still be
> compatible with TLSv1_method. Does SSLv23_method support both?
SSLv23 understands SSLv2, SSLv3 and TLSv1. When used in a client it uses
SSLv2 but tells the server it can understand the other ones too. Check
out the SSL_CTX_new manpage for a lot more details.
> The SSL author didn't like SSLv23_method (especially SSLv2) and
> I am not
> confident to question his decision. We will just have to break
> backward
> compatibility with pre-7.3 clients. No one else has mentioned it as a
> problem, and in fact most have probably already upgraded to 7.3, so we
> should be OK.
I agree, TLSv1 is a lot better but there's no point in breaking
backwords compatibility when you don't have to. Also, given my problems
with 7.3's SSL I'd be surprised if a lot of people who use it have made
the switch.
--Nate