On Thursday, 11 April 2019 15:25:51 CEST Chethan Kumar wrote: > Adding to previous mail, > We tried -DSSL_OP_NO_TLSv1 -DSSL_OP_NO_TLSv1_1 along with disabling SSLv2 > and v1 but still client hello is sent using min and max as TLS1.0 and > TLS1.2. there is no "min" version in Client Hello, the version in record layer is irrelevant and used only for backwards compatibility *NOT* for negotiation > Any idea what is wrong in our options and what should be used instead.? compile an openssl server with TLS 1.1 enabled, run openssl s_server -tls1_1 to enable just TLS 1.1 and see if your production compile can connect > Thanks in advance, > Chethan Kumar > > From: openssl-users [mailto:openssl-users-bounces@xxxxxxxxxxx] On Behalf Of > Chethan Kumar Sent: Thursday, April 11, 2019 4:25 PM > To: openssl-users@xxxxxxxxxxx > Subject: How to disable tls 1.0 and tls 1.1 > > Dear all, > > Kindly help me out in knowing how to disable TLS1.0 and TLS1.1 while > compiling openssl package. I am using 1.0.2n openssl version and disabled > SSLv1 and v2 using -DSSL_OP_NO_SSLv2, -DOPENSSL_NO_SSL3 and > -DOPENSSL_NO_SSL2. > > I also have a doubt on difference between -DSSL_OP_NO_SSLv2, > -DOPENSSL_NO_SSL3 and -DOPENSSL_NO_SSL2. Can someone please explain the > difference. > > Thanks in advance, > Chethan Kumar > > > The information contained in this e-mail message and in any > attachments/annexure/appendices is confidential to the recipient and may > contain privileged information. If you are not the intended recipient, > please notify the sender and delete the message along with any > attachments/annexure/appendices. You should not disclose, copy or otherwise > use the information contained in the message or any annexure. Any views > expressed in this e-mail are those of the individual sender except where > the sender specifically states them to be the views of Toshiba Software > India Pvt. Ltd. (TSIP),Bangalore. > Although this transmission and any attachments are believed to be free of > any virus or other defect that might affect any computer system into which > it is received and opened, it is the responsibility of the recipient to > ensure that it is virus free and no responsibility is accepted by Toshiba > Software India Pvt. Ltd, for any loss or damage arising in any way from its > use. The information contained in this e-mail message and in any > attachments/annexure/appendices is confidential to the > recipient and may contain privileged information. > If you are not the intended recipient, please notify the > sender and delete the message along with any > attachments/annexure/appendices. You should not disclose, > copy or otherwise use the information contained in the > message or any annexure. Any views expressed in this e-mail > are those of the individual sender except where the sender > specifically states them to be the views of > Toshiba Software India Pvt. Ltd. (TSIP),Bangalore. > > Although this transmission and any attachments are believed to be > free of any virus or other defect that might affect any computer > system into which it is received and opened, it is the responsibility > of the recipient to ensure that it is virus free and no responsibility > is accepted by Toshiba Embedded Software India Pvt. Ltd, for any loss or > damage arising in any way from its use. -- Regards, Hubert Kario Senior Quality Engineer, QE BaseOS Security team Web: www.cz.redhat.com Red Hat Czech s.r.o., Purkyňova 115, 612 00 Brno, Czech Republic
Attachment:
signature.asc
Description: This is a digitally signed message part.