[openssl-dev] OpenSSL 1.1.0-pre4 change in SSL_get_version() return value

Hubert Kario hkario at redhat.com
Fri Mar 18 16:20:26 UTC 2016

On Wednesday 16 March 2016 20:40:42 Viktor Dukhovni wrote:
> > On Mar 16, 2016, at 6:44 PM, Viktor Dukhovni <openssl-
users at dukhovni.org> wrote:
> >> Was the SSL_get_version() behavior changed on purpose in the Beta 1
> >> release? This function used to return "TLSv1" when TLS v1.0 was
> >> used
> >> while it is now in Beta 1 returning "TLSv1.0" for that case.
> > 
> > I missed this change in the review.  Sorry about that.  It should
> > perhaps be reverted for beta2.  The reported version string for
> > TLS 1.0 has been "TLSv1" since support for "TLS 1.0" was introduced.
> > It should likely stay that way.
> I think it is reasonable to preserve the backwards compatible "TLSv1"
> for the string protocol version, but do we also need to preserve the
> "TLSv1.0" in ciphers(1) output?  If so, the code needs an exception
> that can otherwise be avoided.

I'd say that ciphers(1) is directed more at human users than on 
applications, I don't think changing it there would be a problem.

Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160318/3e5686db/attachment.sig>

More information about the openssl-dev mailing list