On Thu, 1 Dec 2016, Quanah Gibson-Mount wrote:
> There is not, as far as I know, any way to fine tune things beyond this 
> (I.e., accept TLS 1.1 and TLS 1.3, but not TLS 1.2).

Right, because the on-the-wire protocol itself just carries a single 
version number, so if a client only supports a discontiguous set of 
versions then negotiation can fail despite there being a common supported 
version.  Indeed, recent enough releases of OpenSSL automatically prevent 
that on the client side:
     * SSL_OP_NO_X disables all protocols above X *if* there are
     * some protocols below X enabled. This is required in order
     * to maintain "version capability" vector contiguous. So
     * that if application wants to disable TLS1.0 in favour of
     * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
     * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.

And now in OpenSSL 1.1.0 the use of the SSL_OP_NO_TLSv1* options is 
deprecated in favor of new SSL_CTX_set_{min,max}_proto_version() APIs, 
making it impossible at the API level to specify discontiguous sets of 

Philip Guenther

Reply via email to