[EXTERNAL] Re: TLS Version in Record Layer using OpenSSL 1.1.1

Viktor Dukhovni openssl-users at dukhovni.org
Sat Jun 3 01:54:48 UTC 2023


On Sat, Jun 03, 2023 at 01:40:18AM +0000, Michael Lee via openssl-users wrote:

> The problem is that TLS 1.0 is considered insecure and thus getting
> "deprecated" in many situations (e.g.
> https://aws.amazon.com/blogs/security/tls-1-2-required-for-aws-endpoints/)
> despite its presence being allowed in the protocol standard.  Thus, we
> have end users that are instituting firewall rules to block packets
> upon detecting presence of TLS 1.0...  

The firewall rules in question are broken.  The TLS record layer version is
not the protocol version.  There are no security issues with the TLS 1.0
record layer; it is essentially the same as the TLS 1.2 record layer.

-- 
    Viktor.
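
A version check that follows the distinction drawn above, as an added example that is not part of the original message or of OpenSSL: it reads the record-layer version, the ClientHello legacy_version and the supported_versions extension (RFC 8446) as separate fields and judges only the last two. The function names and the sample ClientHello are constructed for illustration.

```python
import struct

NAMES = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2", 0x0304: "TLS 1.3"}

def parse_client_hello(record: bytes) -> dict:
    """Split out the three version fields carried by a ClientHello record."""
    if len(record) < 9:
        raise ValueError("truncated record")
    ctype, rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 0x16 or rec_len < 4 or len(body) != rec_len or body[0] != 0x01:
        raise ValueError("not a complete ClientHello record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    try:
        legacy = struct.unpack("!H", hello[:2])[0]
        pos = 2 + 32                                    # legacy_version + random
        pos += 1 + hello[pos]                           # session_id
        pos += 2 + int.from_bytes(hello[pos:pos + 2], "big")   # cipher_suites
        pos += 1 + hello[pos]                           # compression_methods
        pos += 2                                        # extensions length field
        offered = []
        while pos + 4 <= len(hello):
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            data = hello[pos + 4:pos + 4 + elen]
            if etype == 0x002B and data:                # supported_versions
                offered = [int.from_bytes(data[i:i + 2], "big")
                           for i in range(1, 1 + data[0], 2)]
            pos += 4 + elen
    except (IndexError, struct.error):
        raise ValueError("malformed ClientHello") from None
    return {"record": rec_ver, "legacy": legacy, "offered": offered}

def highest_offered(record: bytes) -> str:
    """Version a policy should judge: supported_versions if present, else legacy_version."""
    f = parse_client_hello(record)
    known = [v for v in f["offered"] if v in NAMES]     # drops GREASE values
    return NAMES.get(max(known) if known else f["legacy"], "unknown")

def sample_hello(record_version: int) -> bytes:
    """Constructed ClientHello offering TLS 1.3 and 1.2 plus one GREASE version."""
    ext = struct.pack("!HHB", 0x002B, 7, 6) + bytes.fromhex("0a0a03040303")
    hello = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, record_version, len(hs)) + hs

if __name__ == "__main__":
    for rv in (0x0301, 0x0303):                         # same hello, two record versions
        print(f"record layer {NAMES[rv]}: client offers up to", highest_offered(sample_hello(rv)))
```

Both sample records carry the same ClientHello and differ only in the record-layer version field, so a rule keyed on that field would treat them differently although the offered protocol versions are identical.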

