TLSv1.0 on OpenSSL 3.0-API

Yuko Doki (Fujitsu) doki.yuko at fujitsu.com
Fri Apr 5 05:55:22 UTC 2024


Hello OpenSSL users' community,
This is my first time posting.

I am developing an application using the OpenSSL API library.
And now I'm trying to migrate from OpenSSL 1.1.1 to 3.0.

The application supports TLS protocol versions from TLSv1.0 to 1.3, 
but with OpenSSL 3.0, TLSv1.0 and TLSv1.1 resulted in a handshake error.

The errors are as follows.
[client side]
  error:0A000438:SSL routines::tlsv1 alert internal error
[server side]
  error:0A000076:SSL routines::no suitable signature algorithm

The TLS protocol version is set using the following functions.
  SSL_CTX_set_min_proto_version()
  SSL_CTX_set_max_proto_version()
No cipher suite is set. (Automatically selected by OpenSSL.)

This implementation worked fine with OpenSSL 1.1.1. 
Is OpenSSL 3.0 not supporting these protocol versions?
I would appreciate any advice on how to use TLSv1.0 or TLSv1.1 with OpenSSL 3.0.

In addition, the operating environment is as follows.
OS: Red Hat Enterprise Linux release 9.3
OpenSSL : OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)

Kind regards,
Yuko Doki


More information about the openssl-users mailing list