SSL_CTX_set_ssl_version changes security level

NAKANO Takuho Mon, 11 May 2020 01:03:17 -0700

Hello,

I've found SSL_CTX_set_ssl_version changes security level:


=====
int main(void){
  int i;
  struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());

  printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx));
  // 0--5 any

  i = SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
  printf("SSL_CTX_set_ssl_version result: %d\n", i);
  // i ==1; success

  printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx));
  // result 2

  return 0;
}
=====

OS: CentOS 8
OpenSSL 1.1.1c FIPS  28 May 2019

Are there any reasons?
I know SSLv23_method is deprecated. That does not matter.

Regards,
Takuho

SSL_CTX_set_ssl_version changes security level

Reply via email to