Hello,

I'm using OpenSSL 1.0.1c in my server application.
This application can be configured to disallow accepting certain SSL/TLS protocols.

If only TLS1.2 shall be allowed, the application calls

meth=(SSL_METHOD*) SSLv23_server_method();
OpenSSLctx=SSL_CTX_new(meth);

.....

SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_SSLv2);  // never use SSL2

if (!allowed_ssl3)
   SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_SSLv3);

if (!allowed_tls1)
   SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_TLSv1);

if (!allowed_tls11)
   SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_TLSv1_1);

if (!allowed_tls12)
   SSL_CTX_set_options(OpenSSLctx, SSL_OP_NO_TLSv1_2);

....

In the case where:

     allowed_ssl3 = allowed_tls1 = allowed_tls11 = FALSE   and   allowed_tls12 = TRUE

I'd expect that I cannot establish a TLS11 connection, but it does.

The same is true if only SSLv3 or TLSv10 is allowed.

Am I doing something wrong?


Kind regards



Gerhard Jahn
Tel.: +49 (89) 636-44657
Tel.: +49 (211) 399 22891
Fax: +49 (89) 636-45860
mailto:gerhard.j...@atos.net
Otto-Hahn-Ring 6
81739 München, Deutschland
Germany
atos.net



Atos IT Solutions and Services GmbH, Legal Form: Limited Liability Company [GmbH];
Managing Directors: Winfried Holz, Udo Littke; Chairman of the Supervisory Board: Charles Dehelly;
Registered Office: Munich, Germany; District Court: Munich, HRB 184933.


