On Sat, Jan 16, 2016 at 10:57:46AM +0000, Diganta Bhattacharjee wrote:
>
> I am looking at (query about) updating a TLS 1.1 solution based on OpenSSL 1.0.1b to TLS 1.2. I understand the latest OpenSSL 1.0.2 supports TLS 1.2. At first look I believe if we replace the OpenSSL 1.0.1 with OpenSSL 1.0.2 it should automatically update the TLS to 1.2 versions. That is, there should not be any need to do any code changes in the application as there are no major changes in API between OpenSSL version 1.0.1 and 1.0.2.
> Can anyone please comment on my above understanding? I am new at OpenSSL and do not have hands-on experience on using OpenSSL for TLS, hence looking for comments to understand what the risks are in such an update.

The 1.0.1 versions already supported TLS 1.2. If you're getting TLS 1.1 it might mean that you compiled it with the option not to support TLS 1.2 as client. At the time there were servers that had a problem with clients that supported TLS 1.2, but most of that should have been fixed.

Upgrading to the 1.0.2 version should also just work because the API is compatible.

I would also recommend that you keep more up to date with OpenSSL versions; the 1.0.1b version has various security issues in it that were fixed in later versions.

Kurt
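
One way to check whether a client offers TLS 1.2 at all, as discussed in the reply above, is to read the `client_version` field from a captured ClientHello. This is an added example, not part of the original thread; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Protocol version numbers as they appear on the wire.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def client_hello_version(record: bytes) -> str:
    """Return the highest version offered in a ClientHello (TLS 1.2 and earlier).

    `record` is one TLS record taken from a capture. The field that matters
    is client_version inside the handshake body, not the record-layer
    version, which clients often set lower for compatibility.
    """
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, _record_version, length = struct.unpack("!BHH", record[:5])
    if content_type != 22:                      # 22 = handshake
        raise ValueError("not a handshake record")
    body = record[5:5 + length]
    if len(body) < length or len(body) < 6:
        raise ValueError("truncated handshake message")
    if body[0] != 1:                            # 1 = ClientHello
        raise ValueError("handshake message is not a ClientHello")
    (client_version,) = struct.unpack("!H", body[4:6])
    return VERSIONS.get(client_version, "unknown 0x%04x" % client_version)


def build_sample_hello(client_version: int) -> bytes:
    """Constructed minimal ClientHello for the demonstration (not a capture)."""
    hello = struct.pack("!H", client_version)
    hello += bytes(32)                          # random (all zero here)
    hello += b"\x00"                            # empty session id
    hello += struct.pack("!HH", 2, 0x002F)      # TLS_RSA_WITH_AES_128_CBC_SHA
    hello += b"\x01\x00"                        # null compression only
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    # Record-layer version 0x0301 regardless of what the hello offers.
    return struct.pack("!BHH", 22, 0x0301, len(handshake)) + handshake


if __name__ == "__main__":
    for offered in (0x0302, 0x0303):
        print(client_hello_version(build_sample_hello(offered)))
```

A client whose ClientHello stops at TLS 1.1 points at the client build or its options, while a ClientHello offering TLS 1.2 that still ends in a TLS 1.1 session points at the server.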