Re: Disable/Enable TLS versions for all connections at runtime

Dan S <danchik@xxxxxxxxxxxxx> · Wed, 16 Nov 2016 15:22:09 -0800

I thought there is anything that would stop you from compiling with everything and make choices at run time, (TLSv1_2_method, TLSv1_1_method, TLSv1_method, SSLv23_method etc... just set the right flags and cyphers)

On Wed, Nov 16, 2016 at 2:58 PM, Craig_Weeks@xxxxxxxxxxxxxx <Craig_Weeks@xxxxxxxxxxxxxx> wrote:

I am an OpenSSL neophyte, so please bear with me if the answer is obvious in the documentation.

Our product is going to provide runtime options to the user to enable and disable TLS 1.0, 1.1 and 1.2 in a discrete manner. For example: today enable 1.0 and 1.2, disable 1.1; tomorrow enable 1.1 and 1.2, disable 1.0.

How do I use the available APIs to toggle the availability of these versions of TLS at runtime (as opposed to some compile time switch that permanently removes support for 1 or more versions)? I want these settings to apply to all new connections
 after they have been enabled or disabled.

Craig Weeks
| Senior Software Engineer, Support Response Team (SRT)

craig_weeks@xxxxxxxxxxxxxx

14231 Tandem Blvd, Austin TX 78728

www.trendmicro.com

TREND MICRO EMAIL NOTICE
The information contained in this email and any attachments is confidential 
and may be subject to copyright or other intellectual property protection. 
If you are not the intended recipient, you are not authorized to use or 
disclose this information, and we request that you notify us by reply mail or
telephone and delete the original message from your mail system.

--

openssl-users mailing list

To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

-- 
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users