TLSv1.0 on OpenSSL 3.0-API

Tomas Mraz tomas at openssl.org
Fri Apr 5 06:47:26 UTC 2024


These versions require SHA1 to operate. However, security bits for this
algorithm were downgraded due to the known weaknesses and collision
attacks. For that reason you have to use @SECLEVEL=0 in the cipher
string or call SSL_CTX_set_security_level() to make TLS-1.0 and 1.1
work.
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_security_level.html


Regards,

Tomas Mraz, OpenSSL

On Fri, 2024-04-05 at 05:55 +0000, Yuko Doki (Fujitsu) via openssl-users wrote:
> Hello OpenSSL users' community,
> This is my first time posting.
> 
> I am developing an application using the OpenSSL API library.
> And now I'm trying to migrate from OpenSSL 1.1.1 to 3.0.
> 
> The application supports TLS protocol versions from TLSv1.0 to 1.3, 
> but with OpenSSL 3.0, TLSv1.0 and TLSv1.1 resulted in a handshake
> error.
> 
> The errors are as follows.
> [client side]
>   error:0A000438:SSL routines::tlsv1 alert internal error
> [server side]
>   error:0A000076:SSL routines::no suitable signature algorithm
> 
> The TLS protocol version is set using the following functions.
>   SSL_CTX_set_min_proto_version()
>   SSL_CTX_set_max_proto_version()
> No cipher suite is set. (Automatically selected by OpenSSL.)
> 
> This implementation worked fine with OpenSSL 1.1.1. 
> Is OpenSSL 3.0 not supporting these protocol versions?
> I would appreciate any advice on how to use TLSv1.0 or TLSv1.1 with
> OpenSSL 3.0.
> 
> In addition, the operating environment is as follows.
> OS: Red Hat Enterprise Linux release 9.3
> OpenSSL : OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov
> 2022)
> 
> Kind regards,
> Yuko Doki
> 

-- 
Tomáš Mráz, OpenSSL


