Using SSL_CTX_set_min_proto_version

Tamara Kogan tkogan at cincom.com
Tue Apr 6 17:45:08 UTC 2021


Hello,

 In our client application we are trying to set TLS 1.2 in ClientHello message. The OpenSSL version is 1.1.1h
We use the function
SSL_CTX_set_min_proto_version(ssl->ctx, TLS1_2_VERSION);
If I test the version right after setting it does return 1.2
SSL_CTX_get_proto_version(ssl->ctx) == TLS1_2_VERSION

But the ClientHello is still created with TLS 1.0
(16 03 01 01 42…)

Any explanation why the ClientHello message ignores min TLS version?
Any suggestion how to enforce 1.2 version?

Thanks,
Tamara



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20210406/e677987d/attachment.html>


More information about the openssl-users mailing list