If we check the content of /usr/include/openssl/tls1.h on a epel-5 machine (openssl-devel-0.9.8e-39.el5_11) we will find: #define TLS1_2_VERSION 0x0303 /* TLS 1.1 and 1.2 are not supported by this version of OpenSSL, so * TLS_MAX_VERSION indicates TLS 1.0 regardless of the above * definitions. (s23_clnt.c and s23_srvr.c have an OPENSSL_assert() * check that would catch the error if TLS_MAX_VERSION was too low.) */ #define TLS_MAX_VERSION TLS1_VERSION #define TLS1_VERSION_MAJOR 0x03 #define TLS1_VERSION_MINOR 0x01 It is worth noticing what the comment says ;-) We need to use TLS_MAX_VERSION to check the max tls version that is supported! Michal --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/xrootd/xrootd/issues/355#issuecomment-212794981 ######################################################################## Use REPLY-ALL to reply to list To unsubscribe from the XROOTD-DEV list, click the following link: https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1