On 18/09/2015 18:05, zosrothko wrote:
> Hi
>
> is there a way to know the supported TLS protocols from the
> OPENSSL_VERSION_NUMBER (specifically, the TLSv1_1 and TLSv1_2?
>
> For exemple, I have a code that is using TLSv1_1_client_method &
> TLSv1_1_server_method for a OPENSSL_VERSION_NUMBER = 0x1000201fL, but
> I need to protect those TLSv1_1 and TLSv1_2 entry points references
> when my code is ported toward a previous version of OpenSSL that does
> not support those TLS versions as the 1.0.0k version .
>
> Since there is no OPEN_SSL_NO_TLSv1_1 constant nor OPEN_SSL_NO_TLSv1_2
> constant in the ssl.h(1.0.0k), I would like to use the
> OPENSSL_VERSION_NUMBER to protect the references.
>
The numeric value of OPENSSL_VERSION_NUMBER maps directly
to the textual version number ("1.0.0k"), a look in the
official changelogs for each branch (0.9.8, 1.0.0, 1.0.1,
1.0.2, 1.1.0 etc.) to see at which comparison limits any given
feature was installed.
Or, since you are using the version number of the header
files, not the version of the runtime shared library, you
can simply use ifdef tests for relevant defines existing,
e.g.
#if defined(SSL_OP_NO_TLSv1_1) && !defined(OPENSSL_NO_TLS1)
/* SSL_OP_NO_TLSv1_1 is defined in ssl.h if the library version
* supports TLSv1.1 .
*
* OPENSSL_NO_TLS1 is defined in opensslconf.h or on the
* compiler command line if TLS1.x was removed at OpenSSL
* library build time via Configure options.
*/
/* Code that requires headers from a TLSv1.1 capable OpenSSL
* goes here.
*/
#endif
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150918/02388504/attachment.html>
