package async_ssl


The protocol and security level that libopenssl uses.

type t =
  | Sslv23
  | Sslv3
  | Tlsv1
  | Tlsv1_1
  | Tlsv1_2

Best practice: Leave this at the default of Sslv23 to allow negotiation, and use an option list (Opt.t list) when calling Ssl.server or Ssl.client to disable undesired versions of SSL/TLS. See opt.mli for more details.

The current defaults for Version and Opt will enable only TLSv1.2.
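The following is an added example, not code from async_ssl itself, showing the practice described above: keep Version.t at Sslv23 so OpenSSL negotiates, and compute the Opt.t list that switches off every protocol you do not want to be negotiable. The Opt.t constructors (No_sslv2 through No_tlsv1_2), Verify_mode.Verify_peer and the named arguments of Ssl.client are taken as assumptions from opt.mli, verify_mode.mli and ssl.mli of the release this page describes; check them against the version you build against. The helper `options_allowing` and the function `tls12_only_client` are names introduced here for illustration.

```ocaml
(* Added example, not part of async_ssl.  Derives the Opt.t list that
   restricts a negotiating (Sslv23) context to an explicit allow-list of
   protocol versions, then passes it to Ssl.client.  The Opt.t
   constructors, Verify_mode.Verify_peer and the Ssl.client argument
   names are assumed from the library's .mli files. *)
open Core
open Async
open Async_ssl

(* The option that disables one single-protocol version.  Sslv23 is the
   negotiation mode rather than a protocol, so it maps to nothing. *)
let disabling_option (v : Version.t) : Opt.t option =
  match v with
  | Sslv23 -> None
  | Sslv3 -> Some Opt.No_sslv3
  | Tlsv1 -> Some Opt.No_tlsv1
  | Tlsv1_1 -> Some Opt.No_tlsv1_1
  | Tlsv1_2 -> Some Opt.No_tlsv1_2

(* Every version a negotiating context could otherwise settle on. *)
let single_versions : Version.t list =
  [ Version.Sslv3; Version.Tlsv1; Version.Tlsv1_1; Version.Tlsv1_2 ]

let version_equal a b = Version.compare a b = 0

(* Options that leave exactly [allowed] negotiable.  No_sslv2 is always
   included: SSLv2 has no Version.t constructor, yet OpenSSL may still
   offer it unless told otherwise, and RFC 6176 prohibits it outright.
   Passing Sslv23 in [allowed] is harmless; it is simply ignored. *)
let options_allowing (allowed : Version.t list) : Opt.t list =
  let disabled =
    List.filter_map single_versions ~f:(fun v ->
      if List.mem allowed v ~equal:version_equal then None
      else disabling_option v)
  in
  Opt.No_sslv2 :: disabled

(* A client that negotiates but will only settle on TLS 1.2.
   [hostname] is used for SNI and certificate verification; the four
   pipes are assumed to be wired to a TCP socket by the caller. *)
let tls12_only_client ~hostname ~app_to_ssl ~ssl_to_app ~net_to_ssl
    ~ssl_to_net =
  Ssl.client
    ~version:Version.Sslv23
    ~options:(options_allowing [ Version.Tlsv1_2 ])
    ~hostname
    ~verify_modes:[ Verify_mode.Verify_peer ]
    ~app_to_ssl ~ssl_to_app ~net_to_ssl ~ssl_to_net
    ()
```

Keeping the version at Sslv23 and expressing policy as an explicit allow-list means the allow-list, not the absence of a No_* option, decides what is negotiable: a newly introduced protocol that gains a Version.t constructor and a matching Opt.t constructor surfaces as a compiler error in `disabling_option` rather than as a silently enabled protocol. Pinning `~version:Tlsv1_2` instead would also work, but then the context cannot negotiate at all, and on an OpenSSL build without TLS 1.2 support it fails at runtime with the undefined-symbol error described later on this page.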

Sslv23 allows negotiation, whereas the other constructors limit the connection to a single protocol version. See SSL_CTX_new(3) for more details. (If you are on CentOS 6, you should probably read https://www.openssl.org/docs/man1.0.1/ssl/SSL_CTX_new.html instead of the system manual pages, which appear to be out of date.)

SSLv2 was banned by RFC 6176 which contains a dire list of its shortcomings.

Older versions of OpenSSL do not support Tlsv1_1 and Tlsv1_2. You will be able to link with such a version, but will get an error about an undefined symbol at runtime if you try using the unsupported version.

include sig ... end
val t_of_sexp : Sexplib.Sexp.t -> t
val sexp_of_t : t -> Sexplib.Sexp.t
val compare : t -> t -> int
val default : t