Module Ssl.Version
type t
=
|
Sslv23
|
Tls
|
Sslv3
|
Tlsv1
|
Tlsv1_1
|
Tlsv1_2
Best practice: Leave this at the default of
Tls
to allow negotiation, and use an option list (Opt.t list
) when callingSsl.server
orSsl.client
to disable undesired versions of SSL/TLS. See opt.mli for more details.The current defaults for
Version
andOpt
will enable only TLSv1.2.Tls
allows negotiation, whereas the other options (besides the deprecatedSslv23
) limit the connection to a single protocol version. See SSL_CTX_new(3) for more details. (If you are on CentOS 6, you should probably use https://www.openssl.org/docs/man1.0.1/ssl/SSL_CTX_new.html instead of the system manual pages--they appear out-of-date.)SSLv2
was banned by RFC 6176 which contains a dire list of its shortcomings.Older versions of OpenSSL do not support Tlsv1_1 and Tlsv1_2. You will be able to link with such a version, but will get an error about an undefined symbol at runtime if you try using the unsupported version.
include Ppx_sexp_conv_lib.Sexpable.S with type t := t
val t_of_sexp : Sexplib0.Sexp.t -> t
val sexp_of_t : t -> Sexplib0.Sexp.t
val default : t