SSL_CTX_set_ssl_version changes security level
NAKANO Takuho
takotakot+openssl at gmail.com
Mon May 11 08:01:27 UTC 2020
Hello,
I've found SSL_CTX_set_ssl_version changes security level:
=====
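#include <stdio.h>
#include <openssl/ssl.h>

int main(void){
    int i;
    SSL_CTX *ctx = SSL_CTX_new(SSLv23_method());
    if (ctx == NULL)
        return 1;
    // print the security level of the newly created context
    printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx));
    // 0--5 any
    // switch the context to the client method
    i = SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
    printf("SSL_CTX_set_ssl_version result: %d\n", i);
    // i == 1; success
    // print the security level again after the method change
    printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx));
    // result 2
    SSL_CTX_free(ctx);
    return 0;
}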
=====
OS: CentOS 8
OpenSSL 1.1.1c FIPS 28 May 2019
Are there any reasons?
I know SSLv23_method is deprecated. That does not matter.
Regards,
Takuho