[openssl-users] Does openssl server always choose highest TLS version offered?
Nounou Dadoun
nounou.dadoun at avigilon.com
Fri Nov 6 20:59:58 UTC 2015
Quick question, modifying context options on an openssl server (disabling SSLv2 and SSLv3, enabling TLSv1 (for compatibility for now), TLSv1.1 and TLSv1.2) and I had a question about which version is chosen in practice in a TLS connection.
I've read that in general the client proposes the highest version it supports and the server chooses a compatible version or rejects if there isn't one. Rfc5246 basically says that the server will choose the highest version but I wanted to confirm that that's what openssl does (just to be certain).
e.g. if the client proposes TLSv1.2 and the server supports TLSv1.2, will the server *ever* select TLSv1.1?
thanks . N
Nou Dadoun
Senior Firmware Developer, Security Specialist
Office: 604.629.5182 ext 2632
Support: 888.281.5182 | avigilon.com
Follow Twitter | Follow LinkedIn
More information about the openssl-users
mailing list