On 28/08/2019 13:46, Dan Heinz wrote: > We're moving from the 1.0.x branch to the 1.1.1 branch of OpenSSL. When > building OpenSSL 1.1.1c, I get an error that there is not an enable-tlsext > configuration parameter. I can't seem to find any information on when or why > this was removed. Is this enabled by default now? > It was always enabled by default (at least for all recent OpenSSL versions - I can't speak for ancient ones). In 1.0.2 you could disable extensions support with disable-tlsext. TLSv1.2 will *work* without extensions but it really is not recommended. TLSv1.3 requires extensions. There really is no reason to disable them, and it added significant maintenance overhead keeping that option working - so it was removed in 1.1.0. Matt
