Boost: choose between SSL and TLS

I am using a Boost socket with SSL, using the following source code:

#include <boost/asio/ssl.hpp>
namespace ssl = boost::asio::ssl;
ssl::context ctx(ssl::context::sslv23);   // sslv23: negotiate the highest version both sides support
ctx.set_verify_mode(ssl::verify_peer);    // require and verify the peer's certificate
ctx.load_verify_file("ca.pem");           // trust anchors used for that verification

I would like to know if ssl::context::sslv23 will activate TLS?

If I want to force a TLS connection (no SSL connection), it works:

ctx.set_options(boost::asio::ssl::context::no_sslv2 | boost::asio::ssl::context::no_sslv3);   // refuse SSLv2 and SSLv3

Same question for an SSL-only connection:

ctx.set_options(boost::asio::ssl::context::no_tlsv1);   // removes TLSv1.0 from the negotiable set

Thanks

1 answer


I believe you need to refer to the OpenSSL documentation, as asio::ssl::context is a thin wrapper for SSL_CTX. The ssl::context constructor calls SSL_CTX_new() with the appropriate method, just like the ssl::context::set_options() function calls the SSL_CTX_set_options() function.

In particular, for the ssl::context::sslv23 method, this would be:

SSLv23_method(void), SSLv23_server_method(void), SSLv23_client_method(void): a TLS/SSL connection established with these methods may understand the SSLv2, SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols.

If the cipher list does not contain any SSLv2 ciphers (the default cipher list does not) or extensions are required (such as the server name), the client will send TLSv1 client hello messages including extensions and will indicate that it also understands TLSv1.1 and TLSv1.2 and permits a fallback to SSLv3. The server will support the SSLv3, TLSv1, TLSv1.1 and TLSv1.2 protocols. This is the best choice when compatibility is a concern.

If any SSLv2 ciphers are included in the cipher list and no extensions are required, SSLv2-compatible client hellos will be used by clients and SSLv2 will be accepted by servers. This is not recommended due to the insecurity of SSLv2 and the restricted nature of the SSLv2 client hello, which prohibits the use of extensions.

The list of available protocols can later be limited using the SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 options of the SSL_CTX_set_options() or SSL_set_options() functions. Using these options, you can select, e.g., SSLv23_server_method() and be able to negotiate with all possible clients, but only allow newer protocols such as TLSv1, TLSv1.1 or TLSv1.2.

Applications that never want to support SSLv2 (even if the cipher string is configured to use SSLv2 ciphersuites) can set SSL_OP_NO_SSLv2.
