On Tue, May 26, 2026 at 05:14:42PM +0200, Stéphane Glondu wrote:
> Le 26/05/2026 à 13:27, Sebastian Andrzej Siewior a écrit :
> > > Source: ocaml-conduit
> >
> > > ocaml-conduit (8.0.0-3) unstable; urgency=medium
> > > .
> > > * Use TLSv1 in default context (Closes: #1137561)
> >
> > The change is
> >
> > | - let ctx = Ssl.create_context Ssl.SSLv23 Ssl.Client_context in
> > | + let ctx = Ssl.create_context Ssl.TLSv1 Ssl.Client_context in
> >
> > I have no idea what it does. If this points to something like
> > SSLv23_method() then this one used to create a TLS connection with the
> > highest possible TLS protocol version where TLSv1_method() restricits it
> > to TLSv1 only. A proper replacement would be TLS_method() which is also
> > available in the openssl 3.x series.
>
> After digging, TLS_method() is indeed used, the relevant lines triggered by
> this change are in ocaml-ssl/ssl_stubs.c/set_protocol:
>
> > case 2:
> > if (!SSL_CTX_set_min_proto_version(ssl_context, TLS1_VERSION) ||
> > !SSL_CTX_set_max_proto_version(ssl_context, TLS1_VERSION)) {
> > caml_acquire_runtime_system();
> > caml_invalid_argument("Failed to set protocol to TLSv1");
> > }
> > break;
>
> I don't know why proto_version is set to such a narrow interval, it looks
> unfortunate... I don't know much OpenSSL's API, is that OK?
Looking at the ocaml-ssl source, this is not good...
Ssl.SSLv23 triggers the case 0: branch which does:
SSL_CTX_set_min_proto_version(ssl_context, SSL3_VERSION)
SSL_CTX_set_max_proto_version(ssl_context, max_proto)
where max_proto = TLS1_3_VERSION
which is almost what you really want. Restricting to TLS1.0 as now
done with Ssl.TLSv1 is bad for a multitude of reasons including that
it probably doesn't work against any modern server.
So maybe ocaml-ssl should keep the "SSLv23" branch and just stop
calling SSL_CTX_set_min_proto_version. Or stop calling both min/max
and let openssl decide?
Chris
