I need to verify a few things, but I believe it is to do with
ciphersuites, seclevel callback, and protocol versions.

When setting the ciphersuite string; or changing security level; or
changing the security level callback; or setting min/max protocol
versions: all of those things are not checked against each other to
ensure that as a whole they are compatible with each other.

Then at connection establishment time things are verified and security
callback is called and things go "you request max version y, but
security hook rejects things at y, no connection for you".

This does bring the existential/API question similar to the previous
bug report. It is not known over the API that security level is 2 and
that it rejects protocol versions.

I wonder, if setting min_version / max_version, that would be rejected
by the current security level, if security level should be adjusted
appropriately automatically. I.e. when trying to set min protocol
version to TLS1.1 and the security level is at 2, if security level
should be updated to 1 automatically. Or not.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1917625

Title:
  OpenSSL TLS 1.1 handshake fails internal error
