tls: Use TLSv1_client_method for OpenSSL

TLSv1 is compatible with SSLv3, so this doesn't change much in terms of compatibility. By explicitly using TLSv1, OpenSSL sends the server name indication (SNI) header, which we already set using SSL_set_tlsext_host_name (earlier, this didn't have any effect). SNI allows servers to serve SSL content for different host names with separate certificates on one single port (vhosts). Signed-off-by: Martin Storsjö <martin@martin.st>

tls: Use TLSv1_client_method for OpenSSL
TLSv1 is compatible with SSLv3, so this doesn't change much in terms of compatibility. By explicitly using TLSv1, OpenSSL sends the server name indication (SNI) header, which we already set using SSL_set_tlsext_host_name (earlier, this didn't have any effect). SNI allows servers to serve SSL content for different host names with separate certificates on one single port (vhosts). Signed-off-by: Martin Storsjö <martin@martin.st>
92db95e9 · Martin Storsjö · 268fb3f9 · 92db95e9
Commit 92db95e9 authored Nov 17, 2011 by Martin Storsjö
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

tls.c libavformat/tls.c +1 -1

No files found.
--- a/libavformat/tls.c
+++ b/libavformat/tls.c
@@ -147,7 +147,7 @@ static int tls_open(URLContext *h, const char *uri, int flags)
            goto fail;
    }
 #elif CONFIG_OPENSSL
-    c->ctx = SSL_CTX_new(SSLv3_client_method());
+    c->ctx = SSL_CTX_new(TLSv1_client_method());
    if (!c->ctx) {
        av_log(h, AV_LOG_ERROR, "%s\n", ERR_error_string(ERR_get_error(), NULL));
        ret = AVERROR(EIO);