On 13/11/2015 03:56, pratyush parimal wrote: > Hi, > > I'm writing a client-server program that uses TLS for communication. > I'm wondering if there's any way to programmatically find out which > TLS protocol versions are supported by the OpenSSL library installed > on my system. > > I'm currently aware of three ways which "sort of" provide this > information: > (1) After setting up the TLS communication, call: > SSL_get_version(ssl); which returns "TLSV1.2", etc. > (2) Try to connect to a server using TLS by specifying all possible > TLS versions in the client program, and see which connections pass/fail. > (3) Call: SSL_get_ciphers(), print their names, and try to correlate > them with the protocol they're associated with. > > Unfortunately, none of the above answer my question completely. > > So is it possible to ascertain which TLS protocol versions are > actually supported by my server-program, without trying the above > methods? My purpose is not to simply make a list for my own reference, > but rather finding it out on-the-fly in the server-side program, since > I may run it on different versions of OpenSSL. > If there is no suitable direct API, the following might still be helpful: (4) Get the OpenSSL library version directly and compare to the known version ranges supporting different SSL/TLS versions. (5) Looking for ways to determine the configure options used when the SSL library was built (in particular if it was compiled without some SSL/TLS versions supported in the source code of that version). Enjoy Jakob -- Jakob Bohm, CIO, Partner, WiseMo A/S. https://www.wisemo.com Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10 This public discussion message is non-binding and may contain errors. WiseMo - Remote Service Management for PCs, Phones and Embedded -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20151113/78275172/attachment.html>
