Using SSL_CTX_set_min_proto_version
Tamara Kogan
tkogan at cincom.com
Tue Apr 6 17:45:08 UTC 2021
Hello,
In our client application we are trying to set TLS 1.2 in ClientHello message. The OpenSSL version is 1.1.1h
We use the function
SSL_CTX_set_min_proto_version(ssl->ctx, TLS1_2_VERSION);
If I test the version right after setting it does return 1.2
SSL_CTX_get_proto_version(ssl->ctx) == TLS1_2_VERSION
But the ClientHello is still created with TLS 1.0
(16 03 01 01 42…)
Any explanation why the ClientHello message ignores min TLS version?
Any suggestion how to enforce 1.2 version?
Thanks,
Tamara
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210406/e677987d/attachment.html>
More information about the openssl-users
mailing list