On 04/07/2019 09:09, syed moulana via openssl-users wrote: > Are we expect to loose the TLS_1.3 security capability if we configure the > openssl-1.1.1b security level to -DOPENSSL_TLS_SECURITY_LEVEL=0 ? > or > in other words, does it makes TLS_1.3 backwards compatible ? > or > we are not using TLS_1.3 if we configure like this. That define should have no impact at all on whether TLSv1.3 is available or not. Setting the default security level to 0 (instead of the default which is 1), will mean that parameters offering less that 80 "security bits" are allowed. For example DH keys shorter than 1024 bits would be accepted, as would ECC keys shorter than 160 bits. TLSv1.3 imposes its own limits irrespective of the security level. So for DH and ECC you are only allowed to use specific parameters which would always give you keys that are greater than the above anyway. Where TLSv1.3 is more restrictive than the specified security level, then the TLSv1.3 restrictions still apply. Having said all of that I would advise against setting this define at all. The default is 1 for a reason. Allowing weaker security than that is usually a bad idea. Matt
