On Thu, 1 Dec 2016, Quanah Gibson-Mount wrote:
...
> There is not, as far as I know, any way to fine tune things beyond this
> (I.e., accept TLS 1.1 and TLS 1.3, but not TLS 1.2).
Right, because the on-the-wire protocol itself just carries a single
version number, so if a client only supports a discontiguous set of
versions then negotiation can fail despite there being a common supported
version. Indeed, recent enough releases of OpenSSL automatically prevent
that on the client side:
/*
 * SSL_OP_NO_X disables all protocols above X *if* there are
 * some protocols below X enabled. This is required in order
 * to maintain "version capability" vector contiguous. So
 * that if application wants to disable TLS1.0 in favour of
 * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
 * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
 */
And now in OpenSSL 1.1.0 the use of the SSL_OP_NO_TLSv1* options is
deprecated in favor of new SSL_CTX_set_{min,max}_proto_version() APIs,
making it impossible at the API level to specify discontiguous sets of
versions.
Philip Guenther
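An added illustration of the contiguity rule in the OpenSSL comment quoted above, not code from the thread or from OpenSSL itself: a small C model in which effective_versions() applies the SSL_OP_NO_X rule to a bitmask of NO_* flags and range_versions() stands in for the 1.1.0-style min/max API. The enum, bit layout and helper functions are assumptions; only the protocol and flag names mirror OpenSSL's.

```c
/* Hypothetical model of OpenSSL 1.0.x SSL_OP_NO_X handling (not OpenSSL code). */
#include <stdio.h>
enum { V_SSL2 = 0, V_SSL3, V_TLS1_0, V_TLS1_1, V_TLS1_2, V_COUNT };
static const char *const vname[V_COUNT] =
    { "SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" };

/* One bit per protocol, lowest version in bit 0 (SSL_OP_NO_* analogue). */
#define NO_SSLv2   (1u << V_SSL2)
#define NO_SSLv3   (1u << V_SSL3)
#define NO_TLSv1   (1u << V_TLS1_0)
#define NO_TLSv1_1 (1u << V_TLS1_1)
#define NO_TLSv1_2 (1u << V_TLS1_2)

/* Rule from the quoted comment: once a disabled version X is found with
 * some enabled version below it, every version above X is dropped too,
 * so the result is always a contiguous range of versions. */
unsigned effective_versions(unsigned no_flags)
{
    unsigned want = ~no_flags & ((1u << V_COUNT) - 1), got = 0;
    for (int v = 0; v < V_COUNT; v++) {
        if (want & (1u << v))
            got |= 1u << v;
        else if (got)
            break;          /* gap above an enabled version: stop here */
    }
    return got;
}

/* The 1.1.0-style alternative: a [min,max] range cannot express a gap. */
unsigned range_versions(int min_v, int max_v)
{
    unsigned got = 0;
    for (int v = min_v; v <= max_v && v < V_COUNT; v++) got |= 1u << v;
    return got;
}

static void show(const char *label, unsigned set)
{
    printf("%-30s", label);
    for (int v = 0; v < V_COUNT; v++)
        if (set & (1u << v)) printf(" %s", vname[v]);
    putchar('\n');
}

int main(void)
{
    show("NO_TLSv1 alone:", effective_versions(NO_TLSv1));
    show("NO_TLSv1|NO_SSLv3|NO_SSLv2:",
         effective_versions(NO_TLSv1 | NO_SSLv3 | NO_SSLv2));
    show("min/max = TLSv1.1..TLSv1.2:", range_versions(V_TLS1_1, V_TLS1_2));
    return 0;
}
```

With NO_TLSv1 alone the model keeps only SSLv2 and SSLv3, which is exactly why the comment says the full SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2 set is needed.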