After experimenting some more I think I resolved this. It seems that specifying SSLv23_client_method(), in conjunction with SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3, actually does send a TLSv1 handshake record, with {3,3} in the ClientHello.

What confused me was that the docs for SSLv23_client_method() say "A client will send out SSLv2 client hello messages". It does not say that when you use SSL_OP_NO_SSLv2 it actually sends a TLS 1.0 handshake message (as long as any TLS version is allowed, even if SSLv3 is enabled). So in my case SSLv23_client_method() with SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3 does the trick.

....................................
Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-...@openssl.org [mailto:owner-openssl-...@openssl.org] On Behalf Of Erik Tkal
Sent: Thursday, August 30, 2012 4:02 PM
To: openssl-dev@openssl.org
Subject: FW: Negotiating TLS 1.0 from 1.2

Reposting in openssl-dev. Is this a bug or an oversight or an intentional omission? Or am I just not doing something right? If I modify s3_pkt.c in ssl3_get_record() to not fail out but to just change the version in the SSL session, then it seems to work ok.

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Erik Tkal
Sent: Wednesday, August 29, 2012 2:48 PM
To: openssl-us...@openssl.org
Subject: RE: Negotiating TLS 1.0 from 1.2

TLS 1.1 would be acceptable, but the server is 1.0 (we don't have any implementing 1.1). The server sends a TLS 1.0 ServerHello, which per the RFC should work:

    A TLS 1.2 client who wishes to negotiate with such older servers will send a normal TLS 1.2 ClientHello, containing { 3, 3 } (TLS 1.2) in ClientHello.client_version. If the server does not support this version, it will respond with a ServerHello containing an older version number. If the client agrees to use this version, the negotiation will proceed as appropriate for the negotiated protocol.

What I'm trying to figure out is how to tell OpenSSL that the client agrees to use this version, whereas now it generates a fatal alert. I cannot use an SSLv2 handshake, as this is inside EAP-TLS.

....................................
Erik Tkal
Juniper OAC/UAC/Pulse Development

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Abhiram Shandilya
Sent: Wednesday, August 29, 2012 2:38 PM
To: openssl-us...@openssl.org
Subject: RE: Negotiating TLS 1.0 from 1.2

Hi Erik:

If you only want to allow TLSv1.2 and TLSv1.0 handshakes you will need to try a connection with the TLSv1_2_client_method and then with TLSv1_client_method. You can also use SSLv23_client_method to negotiate only TLSv1.2 and TLSv1.0 using an SSLv2 handshake by explicitly disabling SSLv2, SSLv3 and TLSv1.1 using SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TLSv1_1). At least that's my understanding.

Regards
Abhi

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Erik Tkal
Sent: Wednesday, August 29, 2012 10:47 AM
To: openssl-us...@openssl.org
Subject: Negotiating TLS 1.0 from 1.2

I have a client that I want to attempt to negotiate TLS 1.2 but will accept TLS 1.0. What is the magic incantation (e.g. TLSv1_client_method() vs TLSv1_2_client_method() in conjunction with what options)? Specifying TLSv1_client_method() seems to only offer TLS 1.0 {3,1}. Specifying TLSv1_2_client_method() offers TLS 1.2 {3,3}, but then when the server returns a TLS 1.0 {3,1} ServerHello, the client generates a Protocol Version alert. How do I tell the client that this is acceptable? Appendix E of RFC 5246 indicates this should be possible. I am using OpenSSL 1.0.1c.

....................................
Erik Tkal
Juniper OAC/UAC/Pulse Development

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
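The thread turns on one rule from RFC 5246 Appendix E: a client that offered {3,3} must accept a ServerHello carrying any lower version it is still willing to use, and send a protocol_version alert only when the server's choice falls outside that range (or above what was offered). The following is an added example, not code from the thread or from OpenSSL, that models the client-side check in plain C against the record and handshake layouts of RFC 5246 sections 6.2.1 and 7.4. The client's allowed range is expressed as a min/max pair: {3,1}..{3,3} stands for the SSLv23_client_method() plus SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3 configuration Erik ended up with, and {3,3}..{3,3} for TLSv1_2_client_method(). The ServerHello bytes are constructed for the example (zero random, empty session id, cipher suite 0x002f); the alert codes 70 (protocol_version) and 50 (decode_error) are the AlertDescription values from RFC 5246 section 7.2.

```c
/* Added example: client-side version check per RFC 5246 Appendix E,
 * modelled in plain C (no OpenSSL). Not the thread's or OpenSSL's code. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t major, minor; } tls_version;

/* Inclusive range of versions the client is willing to use. */
typedef struct { tls_version min, max; } client_policy;

enum negotiate_result {
    NEGOTIATE_ACCEPT = 0,                   /* proceed at the server's version */
    NEGOTIATE_ALERT_DECODE_ERROR = 50,      /* AlertDescription decode_error */
    NEGOTIATE_ALERT_PROTOCOL_VERSION = 70   /* AlertDescription protocol_version */
};

int version_cmp(tls_version a, tls_version b) {
    if (a.major != b.major) return a.major < b.major ? -1 : 1;
    if (a.minor != b.minor) return a.minor < b.minor ? -1 : 1;
    return 0;
}

/* Parse a handshake record holding a ServerHello and extract server_version.
 * Returns 0 on success, -1 if the record or handshake header is malformed. */
int parse_server_hello_version(const uint8_t *buf, size_t len, tls_version *out) {
    if (len < 5) return -1;                              /* record header: type(1) version(2) length(2) */
    if (buf[0] != 22) return -1;                         /* ContentType.handshake */
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    if (rec_len > len - 5) return -1;                    /* truncated record */
    const uint8_t *hs = buf + 5;
    if (rec_len < 4) return -1;                          /* handshake header: type(1) length(3) */
    if (hs[0] != 2) return -1;                           /* HandshakeType.server_hello */
    size_t hs_len = ((size_t)hs[1] << 16) | ((size_t)hs[2] << 8) | hs[3];
    if (hs_len > rec_len - 4) return -1;
    if (hs_len < 2) return -1;                           /* body starts with ProtocolVersion */
    out->major = hs[4];
    out->minor = hs[5];
    return 0;
}

/* Appendix E: the client "agrees" to the server's version when it lies within
 * the range it still allows; a version above what it offered or below its
 * floor gets a protocol_version alert. A {3,1} ServerHello is therefore accepted
 * by a {3,1}..{3,3} policy and rejected by a {3,3}..{3,3} one. */
enum negotiate_result client_check_server_hello(const client_policy *pol,
                                                const uint8_t *msg, size_t len,
                                                tls_version *negotiated) {
    tls_version sv;
    if (parse_server_hello_version(msg, len, &sv) != 0)
        return NEGOTIATE_ALERT_DECODE_ERROR;
    if (version_cmp(sv, pol->max) > 0) return NEGOTIATE_ALERT_PROTOCOL_VERSION;
    if (version_cmp(sv, pol->min) < 0) return NEGOTIATE_ALERT_PROTOCOL_VERSION;
    *negotiated = sv;
    return NEGOTIATE_ACCEPT;
}

/* Build a constructed minimal ServerHello record (no extensions) at the given
 * version; the record-layer version is set to the same value. Returns bytes
 * written, or 0 if the buffer is too small. */
size_t build_server_hello(tls_version v, uint8_t *out, size_t cap) {
    static const uint8_t body_tail[] = {
        0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,   /* random[32]: constructed zeros */
        0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
        0x00,                               /* session_id length 0 */
        0x00, 0x2f,                         /* cipher_suite TLS_RSA_WITH_AES_128_CBC_SHA */
        0x00                                /* compression_method null */
    };
    size_t body_len = 2 + sizeof body_tail;             /* 38 */
    size_t total = 5 + 4 + body_len;                    /* 47 */
    if (cap < total) return 0;
    out[0] = 22;                                        /* ContentType.handshake */
    out[1] = v.major; out[2] = v.minor;                 /* record-layer version */
    out[3] = (uint8_t)((4 + body_len) >> 8); out[4] = (uint8_t)(4 + body_len);
    out[5] = 2;                                         /* HandshakeType.server_hello */
    out[6] = 0; out[7] = (uint8_t)(body_len >> 8); out[8] = (uint8_t)body_len;
    out[9] = v.major; out[10] = v.minor;                /* ServerHello.server_version */
    memcpy(out + 11, body_tail, sizeof body_tail);
    return total;
}

int main(void) {
    uint8_t buf[64];
    tls_version tls10 = {3, 1}, neg;
    size_t n = build_server_hello(tls10, buf, sizeof buf);
    client_policy relaxed = {{3, 1}, {3, 3}};   /* SSLv23 + NO_SSLv2|NO_SSLv3 */
    client_policy strict  = {{3, 3}, {3, 3}};   /* TLSv1_2_client_method() */
    printf("relaxed policy on TLS 1.0 ServerHello: %d\n", client_check_server_hello(&relaxed, buf, n, &neg));
    printf("strict policy on TLS 1.0 ServerHello:  %d\n", client_check_server_hello(&strict, buf, n, &neg));
    return 0;
}
```

The check is deliberately symmetric: a server answering with a version higher than the client offered is just as much a protocol_version condition as one answering below the client's floor, and a truncated or mistyped record is reported as decode_error rather than silently treated as a version mismatch, so the two failure modes stay distinguishable in logs.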