Hello, I was wondering if there was any effort to make progress in separating the SECLEVEL directive into AUTHSECLEVEL and TLSSECLEVEL as described in $openssl/ssl/ssl_cert.c's ssl_verify_cert_chain() function. I found a post from 2016 on this mailing list about this:
https://mta.openssl.org/pipermail/openssl-users/2016-May/003768.html I have a use case where I need to enable Mutual TLS authentication for hardware clients that have immutable manufacturer-signed certificates. Some of those certificates are signed with MD5, but I don't know which ones beforehand, and I'd rather not have SECLEVEL=0 compromise the allowable ciphers in the TLS connection. [re MD5 insecurity in auth: I already have application-layer authentication (e.g. HTTPS Bearer auth), and I'm not looking to replace that with Mutual TLS - I do need to opportunistically gather other information from the client certs though.] In the meantime, if my only option is to use SECLEVEL=0, I think I'd need to do some application-layer enforcement of TLS parameters. I suppose I could enforce ciphers by using SSL_get_cipher_name(). Are there other parameters that you recommend I enforce at the application layer? Is it possible to reach parity with "SECLEVEL=1" behavior this way? Are there any other downsides or issues to be aware of with this approach? Many thanks! Armen
