SSL_CTX_set_ssl_version changes security level

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,

I've found SSL_CTX_set_ssl_version changes security level:

=====
int main(void){
  int i;
  struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());

  printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx));
  // 0--5 any

  i = SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
  printf("SSL_CTX_set_ssl_version result: %d\n", i);
  // i ==1; success

  printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx));
  // result 2

  return 0;
}
=====

OS: CentOS 8
OpenSSL 1.1.1c FIPS  28 May 2019

Are there any reasons?
I know SSLv23_method is deprecated. That does not matter.

Regards,
Takuho
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux