Hi,
On 31/01/22 10:27, Srinivas, Saketh (c) wrote:
The effect of SSL_CTX_set_min_proto_version and SSL_set_min_proto_version is exactly the same - it sets the minimum TLS/SSL proto version to be used during the client/server handshake (exchange of "hello" messages).

The TLS/SSL version mentioned during "content type = handshake" is known as the record layer version number. If you read the TLS 1.2 spec (https://datatracker.ietf.org/doc/html/rfc5246) you will find:

"Earlier versions of the TLS specification were not fully clear on what the record layer version number (TLSPlaintext.version) should contain when sending ClientHello (i.e., before it is known which version of the protocol will be employed). Thus, TLS servers compliant with this specification MUST accept any value {03,XX} as the record layer version number for ClientHello."

Check out this snippet of code (line numbers are from openssl 1.1.1k, file "ssl/record/rec_layer_s3.c"):

    849         /*
    850          * Some servers hang if initial client hello is larger than 256 bytes
    851          * and record version number > TLS 1.0
    852          */
    853         if (SSL_get_state(s) == TLS_ST_CW_CLNT_HELLO
    854             && !s->renegotiate
    855             && TLS1_get_version(s) > TLS1_VERSION
    856             && s->hello_retry_request == SSL_HRR_NONE)
    857             version = TLS1_VERSION;
    858         SSL3_RECORD_set_rec_version(thiswr, version);

which shows that OpenSSL explicitly sets the *record* version number to TLS 1.0; one could argue whether such buggy servers still exist and whether there should be an option to overrule the above behaviour. Thus, this is not affected by any calls to SSL_CTX_set_min_proto_version or SSL_set_min_proto_version.

However, the above is safe in terms of "it works with buggy servers" as well as safe in terms of "the connection *will* use tls 1.2+ if I call SSL_{ctx_}set_min_proto_version", so why change?

Hope this clarifies things,

JJK / Jan Just Keijser
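To see the distinction the reply draws, here is an added example (not from the original thread or from OpenSSL's sources): it drives a client handshake through Python's ssl module, which wraps OpenSSL, into memory BIOs with the minimum version pinned to TLS 1.2 (the same setting as SSL_CTX_set_min_proto_version), then parses the captured ClientHello to report the record-layer version, the legacy client_version and the supported_versions extension separately. It assumes the interpreter is linked against OpenSSL.

```python
import ssl
import struct


def capture_client_hello(min_version=ssl.TLSVersion.TLSv1_2):
    """Run the client side of a handshake into memory BIOs and return the
    first flight (the ClientHello record) that would have gone on the wire."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = min_version      # same effect as SSL_CTX_set_min_proto_version
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE        # there is no peer, so nothing to verify
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_side=False)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # ClientHello has been written; the stack now waits for a ServerHello
    return outgoing.read()


def parse_client_hello_versions(data):
    """Return every place a protocol version appears in a ClientHello record."""
    rec_type, rec_ver, rec_len = struct.unpack("!BHH", data[:5])   # TLSPlaintext header
    if rec_type != 0x16:
        raise ValueError("not a handshake record")
    body = data[5:5 + rec_len]
    if body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hello = body[4:]                                   # skip handshake type + 24-bit length
    client_version = struct.unpack("!H", hello[:2])[0]
    pos = 2 + 32                                       # client_version + random
    pos += 1 + hello[pos]                              # session_id
    pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + hello[pos]                              # compression_methods
    ext_end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2
    supported = []
    while pos < ext_end:
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        ext = hello[pos + 4:pos + 4 + ext_len]
        if ext_type == 0x002B:                         # supported_versions (RFC 8446)
            supported = [struct.unpack("!H", ext[i:i + 2])[0] for i in range(1, 1 + ext[0], 2)]
        pos += 4 + ext_len
    return {"record_version": rec_ver, "client_version": client_version,
            "supported_versions": supported}


if __name__ == "__main__":
    info = parse_client_hello_versions(capture_client_hello())
    for key, value in info.items():
        print(key, value if isinstance(value, list) else hex(value))
```

Even with TLS 1.2 as the floor, the record header still carries 0x0301 (TLS 1.0), exactly as the quoted rec_layer_s3.c code dictates; the versions the client is actually willing to negotiate live in client_version and supported_versions, which is where a packet-level check of "what TLS version is this client offering" has to look.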