Re: TLS Version in Record Layer using OpenSSL 1.1.1

On Fri, Jun 02, 2023 at 11:22:18PM +0000, Michael Lee via openssl-users wrote:

> Regarding your remark from https://mta.openssl.org/pipermail/openssl-users/2020-October/013081.html
> Basically the record version is never greater than TLSv1.2. If we're in
> an initial ClientHello (not a renegotiation or an HRR) and the max
> version is > TLSv1.0 then the record version is fixed at TLSv1.0 for the
> ClientHello record.
> 
> Do you know if this "fixed at TLSv1.0" restriction is relaxed with OpenSSL 3?
> We have packets that are being blocked by firewall due to the TLS 1.0 signature.
> We desperately need to change the Record Layer version to TLS 1.2 somehow.

The behaviour has not changed.  Even OpenSSL 3.2-dev will use TLSv1 at
the record layer in an initial client hello, and even with MinProtocol
set to TLSv1.2.

The problem is the firewall.  Your attention should be directed there.

-- 
    Viktor.
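
Added example, not part of the original message and not OpenSSL code: a ClientHello carries the record-layer version, the handshake's legacy version, and (for TLS 1.3 clients, per RFC 8446) a supported_versions list, and a filter that reads only the first of these misjudges the client described above. The function names and the sample bytes are constructed for illustration; the parser assumes the whole ClientHello fits in one record.

```python
import struct

SUPPORTED_VERSIONS = 0x002B  # extension type, RFC 8446

def parse_client_hello(record: bytes) -> dict:
    """Return the version fields of a ClientHello held in one TLS record."""
    try:
        ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
        body = record[5:5 + rec_len]
        if ctype != 0x16 or len(body) < rec_len or body[0] != 0x01:
            raise ValueError("not a complete ClientHello record")
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        legacy = struct.unpack_from("!H", hello, 0)[0]
        pos = 2 + 32                                        # legacy_version, random
        pos += 1 + hello[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", hello, pos)[0]  # cipher_suites
        pos += 1 + hello[pos]                               # compression_methods
        offered = []
        if pos + 2 <= len(hello):                           # extensions are optional
            end = min(pos + 2 + struct.unpack_from("!H", hello, pos)[0], len(hello))
            pos += 2
            while pos + 4 <= end:
                etype, elen = struct.unpack_from("!HH", hello, pos)
                data = hello[pos + 4:pos + 4 + elen]
                if etype == SUPPORTED_VERSIONS and data:
                    stop = min(1 + data[0], len(data)) - 1
                    offered = [struct.unpack_from("!H", data, i)[0]
                               for i in range(1, stop, 2)]
                pos += 4 + elen
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc
    return {"record": rec_ver, "legacy": legacy, "offered": offered}

def highest_offered(fields: dict) -> int:
    """Version a filter should judge the client by; the record field is ignored."""
    return max(fields["offered"]) if fields["offered"] else fields["legacy"]

def build_sample(record_version: int = 0x0301) -> bytes:
    """Constructed ClientHello: record TLSv1.0, legacy TLSv1.2, offers 1.3 and 1.2."""
    ext = struct.pack("!HHBHH", SUPPORTED_VERSIONS, 5, 4, 0x0304, 0x0303)
    hello = (struct.pack("!H", 0x0303) + bytes(32) + b"\x00"
             + struct.pack("!HH", 2, 0x1301) + b"\x01\x00"
             + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, record_version, len(handshake)) + handshake

if __name__ == "__main__":
    fields = parse_client_hello(build_sample())
    print(fields, hex(highest_offered(fields)))
```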


