Ssleay32.dll does not export TLS_method

I am updating the OpenSSL libraries in my application to 1.0.2c.

This version supports TLS 1.0, TLS 1.1 and TLS 1.2, and SSL 3.0. I would like to configure my application to auto-negotiate the highest version.

I have read the documentation provided at https://www.openssl.org/docs/ssl/SSL_CTX_new.html which says that the methods TLS_method, TLS_client_method and TLS_server_method can do this.

But the ssleay32.dll in the Windows distribution (available at https://www.openssl.org/related/binaries.html) does not export the methods TLS_method, TLS_client_method and TLS_server_method. Other methods such as TLSv1_method, TLSv1_1_method and TLSv1_2_method are exported. However, they only accept a specific version.

Which method should I use to automatically negotiate the version? Or should I choose the version at runtime?

+3
1 answer


I would like to configure my application to auto-negotiate the highest version.

Use the following code from SSL / TLS Client on the OpenSSL wiki:

#include <openssl/ssl.h>

/* handleFailure() is the wiki's error handler; ctx is the SSL_CTX* being built */
SSL_CTX* ctx = NULL;

/* SSLv23_method() offers the highest supported version and negotiates downward */
const SSL_METHOD* method = SSLv23_method();
if(method == NULL) handleFailure();

ctx = SSL_CTX_new(method);
if(ctx == NULL) handleFailure();

/* Cannot fail ??? */
/* Turn off SSLv2, SSLv3 and compression, leaving TLS 1.0 and up */
const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
SSL_CTX_set_options(ctx, flags);

It gets you "TLS 1.0 and up".

Note that the lower bound does provide a TLS 1.0 version of the TLS record. The upper bound is the client version of TLS 1.2. The record layer carries the encrypted payload. And SSLv23_method gets you a ClientHello in a specific format (for SSLv3 and above).

Assuming the lower bound from the record-level version is how most people use it, but that is not how the standard is written. And the TLS Working Group seems to be refusing to provide it that way. An effective argument is "suppose the client wants to use TLS 1.0, 1.2, and 1.3, but not 1.1". I don't know anyone who refuses to use this version of the protocol, so for me it's just a straw man.

You can learn more about this in one of the answers to Check server security protocol using openssl.




Related, you should use this list of cipher suites:

/* ssl is the SSL* created from ctx with SSL_new() */
const char* const PREFERRED_CIPHERS = "HIGH:!aNULL:!MD5:!RC4";
int res = SSL_set_cipher_list(ssl, PREFERRED_CIPHERS);
if(res != 1) handleFailure();

In fact, RSA key transport is no longer supported by the security community, so when using a certificate with an RSA key, this might be a better choice:

const char* const PREFERRED_CIPHERS = "HIGH:!aNULL:!MD5:!RC4:!kRSA";

The cipher string will provide mostly modern security, and it will avoid the outdated cryptography warning.

0
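The configuration the answer describes (SSLv23-style auto-negotiation with SSLv2, SSLv3 and compression disabled, plus its two cipher strings), as an added example that is not part of the original question, the answer or the OpenSSL wiki. It uses Python's ssl module, a thin wrapper over the same OpenSSL calls, so the OP_NO_* flags and the cipher string are the ones passed to SSL_CTX_set_options() and SSL_set_cipher_list(); PROTOCOL_TLS_CLIENT is assumed as the client counterpart of SSLv23_method().

```python
"""Added example (not from the question, the answer or the OpenSSL wiki):
the answer's client configuration expressed through Python's ssl module,
which wraps the same OpenSSL calls the answer uses."""
import ssl

# The two cipher strings quoted in the answer.
CIPHERS = "HIGH:!aNULL:!MD5:!RC4"
CIPHERS_NO_KRSA = "HIGH:!aNULL:!MD5:!RC4:!kRSA"


def make_client_context(cipher_string: str) -> ssl.SSLContext:
    """PROTOCOL_TLS_CLIENT is assumed here as the client side of what the
    answer calls SSLv23_method(): the ClientHello offers the highest version
    the library supports and the peer negotiates downward.  Clearing SSLv2,
    SSLv3 and compression via the options mask gives 'TLS 1.0 and up'.
    (Newer Python prefers ctx.minimum_version; the flags mirror the 1.0.2 API.)"""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.options |= ssl.OP_NO_SSLv2 | ssl.OP_NO_SSLv3 | ssl.OP_NO_COMPRESSION
    ctx.set_ciphers(cipher_string)  # same string SSL_set_cipher_list() takes
    return ctx


def disables_sslv3_and_compression(ctx: ssl.SSLContext) -> bool:
    """Check the option bits the answer sets with SSL_CTX_set_options()."""
    needed = ssl.OP_NO_SSLv3 | ssl.OP_NO_COMPRESSION
    return (ctx.options & needed) == needed


def key_exchange_summary(ctx: ssl.SSLContext) -> dict:
    """Count negotiable suites by key exchange, read from OpenSSL's own
    description string ('Kx=RSA', 'Kx=ECDH', 'Kx=DH', 'Kx=any').  TLS 1.3
    suites (Kx=any) are listed regardless of set_ciphers()."""
    summary: dict = {}
    for suite in ctx.get_ciphers():
        tokens = suite["description"].split()
        kx = next((t for t in tokens if t.startswith("Kx=")), "Kx=?")
        summary[kx] = summary.get(kx, 0) + 1
    return summary


def offers_rsa_key_transport(ctx: ssl.SSLContext) -> bool:
    """True if any suite still uses static RSA key transport, which the
    answer recommends excluding with '!kRSA'."""
    return "Kx=RSA" in key_exchange_summary(ctx)


if __name__ == "__main__":
    for spec in (CIPHERS, CIPHERS_NO_KRSA):
        ctx = make_client_context(spec)
        print(f"{spec:32} -> {key_exchange_summary(ctx)}")
```

Running it side by side shows which key-exchange methods each string leaves negotiable on the local OpenSSL build; only the second string guarantees that no Kx=RSA suite remains.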