[openssl-users] Updating TLS1.1 to TLS1.2

Kurt Roeckx kurt at roeckx.be
Sat Jan 16 12:19:00 UTC 2016


On Sat, Jan 16, 2016 at 10:57:46AM +0000, Diganta Bhattacharjee wrote:
> 
> I am looking at (query about) updating a TLS 1.1 solution based on OpenSSL 1.0.1b to TLS 1.2. I understand the latest OpenSSL 1.0.2 supports TLS 1.2. At first look I believe if we replace the OpenSSL 1.0.1 with OpenSSL 1.0.2 it should automatically update the TLS to 1.2 versions. That is, there should not be any need to do any code changes in the application as there are no major changes in the API between OpenSSL versions 1.0.1 and 1.0.2.
> Can anyone please comment on my above understanding? I am new to OpenSSL and do not have hands-on experience using OpenSSL for TLS, hence I am looking for comments to understand what the risks are in such an update.

The 1.0.1 versions already supported TLS 1.2.  If you're getting
TLS 1.1 it might mean that you compiled it with the option not to
support TLS 1.2 as client.  At the time there were servers that
had a problem with clients that supported TLS 1.2, but most of
that should have been fixed.

Upgrading to the 1.0.2 version should also just work because the
API is compatible.

I would also recommend that you keep more up to date with OpenSSL
versions, the 1.0.1b version has various security issues in it
that were fixed in later versions.


Kurt
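
An added example, not part of the original message: one way to check the point made in the reply, namely which highest protocol version a client build actually offers, by parsing its ClientHello. It uses Python's ssl module, so the live check covers the OpenSSL that Python links against (an assumption; for another application, pass a captured ClientHello record to `highest_offered`), and `example.test` is a constructed name.

```python
import ssl
import struct

VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}
SUPPORTED_VERSIONS_EXT = 43

def client_hello_bytes(ctx):
    """Start a handshake into memory BIOs (no network) and return the ClientHello record."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname="example.test")  # constructed name
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client has sent its hello and waits for the server
    return outgoing.read()

def highest_offered(record):
    """Name the highest known protocol version offered in a ClientHello record."""
    if len(record) < 43 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 9                                              # record header (5) + handshake header (4)
    versions = {struct.unpack_from("!H", record, pos)[0]}  # client_version: the pre-1.3 maximum
    pos += 2 + 32                                        # client_version + random
    pos += 1 + record[pos]                               # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]  # cipher_suites
    pos += 1 + record[pos]                               # compression_methods
    if pos + 2 <= len(record):                           # extensions present
        end = min(len(record), pos + 2 + struct.unpack_from("!H", record, pos)[0])
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            pos += 4
            if ext_type == SUPPORTED_VERSIONS_EXT:       # TLS 1.3 clients list versions here
                body = record[pos + 1 : pos + 1 + record[pos]]
                versions |= {struct.unpack_from("!H", body, i)[0] for i in range(0, len(body) - 1, 2)}
            pos += ext_len
    known = {v for v in versions if v in VERSIONS}       # ignore unknown/GREASE values
    if not known:
        raise ValueError("no known TLS version offered")
    return VERSIONS[max(known)]

if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION, "| TLS 1.2 compiled in:", ssl.HAS_TLSv1_2)
    print("highest offered:", highest_offered(client_hello_bytes(ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT))))
```

A result of `TLSv1.1` from a client whose library version supports TLS 1.2 points at a build or context option disabling it, not at the library release.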


