Yes, TLSv1_client_method() is deprecated for exactly this reason.
Regards
Matt
On 12/07/2023 10:54, kgoudra@xxxxxxx wrote:
Hi,
Just noticed we are passing TLSv1_client_method().
I changed it to TLS_client_method() now, after which I am able to make connection with TLSv1.3
Thanks for your guidance!
Thanks
-----Original Message-----
From: openssl-users <openssl-users-bounces@xxxxxxxxxxx> On Behalf Of Matt Caswell
Sent: Wednesday, July 12, 2023 3:11 AM
To: openssl-users@xxxxxxxxxxx
Subject: [EXTERNAL] Re: Openssl TLSv1.3 ciphers failing during handshake
CAUTION! This email originated outside of the organization. Please do not open attachments or click links from an unknown or suspicious origin.
======================================================================
On 12/07/2023 09:06, kgoudra--- via openssl-users wrote:
139821832050432:error:141A90B5:SSL
routines:ssl_cipher_list_to_bytes:no
ciphers available:ssl/statem/statem_clnt.c:3802:No ciphers enabled for
max supported SSL/TLS version
This tells us that it thinks you have not configured any ciphers suitable for the highest TLS protocol version it thinks it can use.
*const char *cipher_list =
"TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_S
HA256";*
*SSL_CTX_set_cipher_list(pCtx, "");*
*SSL_CTX_set_ciphersuites(pCtx, cipher_list);*
This disables all ciphers for <= TLSv1.2 - which would be consistent with the above error message if it believes that the highest protocol version it supports is <= TLSv1.2.
What SSL_METHOD are you using in the client when you create the SSL_CTX?
i.e. what parameter do you pass to `SSL_CTX_new()`?
Matt
