[openssl-dev] OpenSSL 1.1.0-pre4 change in SSL_get_version() return value

Jouni Malinen j at w1.fi
Wed Mar 16 22:37:41 UTC 2016


Was the SSL_get_version() behavior changed on purpose in the Beta 1
release? This function used to return "TLSv1" when TLS v1.0 was used
while it is now in Beta 1 returning "TLSv1.0" for that case. This type
of unexpected change in the API can break existing users of the
function. As an example, wpa_supplicant exposes this string to external
components to allow them to do things based on which TLS version is
used. It is unknown to me whether there are any such components that
could fail due to this change, but at least this broke one of the
regression test cases due to the unexpected value.

The commit 7d65007238e86e59fcf31d23fcefa01e3b30cc37 ('Make function to
convert version to string') seems to claim to be more or less cleanup to
use a shared function for doing the conversion. However, it changes the
return value for TLS1_VERSION for both SSL_get_version() and
SSL_SESSION_print(). In addition to that, it seems to be changing
DTLS1_BAD_VER value for SSL_SESSION_print().

It should also be noted that the new implementation does not match the
man page for SSL_get_version():
https://www.openssl.org/docs/manmaster/ssl/SSL_get_version.html

-- 
Jouni Malinen                                            PGP id EFC895FA
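
Added example, not part of the original message and not OpenSSL or wpa_supplicant code: one way for a component that consumes the exposed version string to tolerate both the "TLSv1" and "TLSv1.0" spellings and to fail closed on anything it does not recognise. The `ex_` names and `EX_` constants are hypothetical; only TLS and SSLv3 strings are handled.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Wire values from the TLS specifications (the same numbers OpenSSL uses for
 * TLS1_VERSION etc.); defined locally so this builds without OpenSSL headers. */
#define EX_SSL3   0x0300
#define EX_TLS1_0 0x0301
#define EX_TLS1_2 0x0303

/* Hypothetical helper: map a version string to its wire value.
 * "TLSv1" and "TLSv1.0" both map to TLS 1.0. Returns -1 if unrecognised. */
int ex_version_from_string(const char *s)
{
    char *end;
    long major, minor = 0;

    if (s == NULL) return -1;
    if (strcmp(s, "SSLv3") == 0) return EX_SSL3;
    if (strncmp(s, "TLSv", 4) != 0) return -1;
    s += 4;
    if (*s < '0' || *s > '9') return -1;  /* strtol alone would accept sign/space */
    major = strtol(s, &end, 10);
    if (*end == '.') {
        s = end + 1;
        if (*s < '0' || *s > '9') return -1;
        minor = strtol(s, &end, 10);
    }
    /* Reject trailing bytes, non-TLS-1.x majors and out-of-range minors. */
    if (*end != '\0' || major != 1 || minor > 3) return -1;
    return EX_TLS1_0 + (int)minor;
}

/* Policy check that fails closed: an unknown string never meets the minimum. */
int ex_meets_minimum(const char *s, int min_wire)
{
    int v = ex_version_from_string(s);
    return v >= 0 && v >= min_wire;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "TLSv1", "TLSv1.0", "TLSv1.2", "unknown" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-8s wire=%d min-TLS1.2=%d\n", samples[i],
               ex_version_from_string(samples[i]),
               ex_meets_minimum(samples[i], EX_TLS1_2));
    return 0;
}
```

Where the component links against OpenSSL directly, comparing the numeric value from SSL_version() avoids depending on the string at all.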

