[openssl-users] Does openssl server always choose highest TLS version offered?

Nounou Dadoun nounou.dadoun at avigilon.com
Fri Nov 6 20:59:58 UTC 2015

Quick question, modifying context options on an openssl server (disabling SSLv2 and SSLv3, enabling TLSv1 (for compatibility for now), TLSv1.1 and TLSv1.2) and I had a question about which version is chosen in practice in a TLS connection.
I've read that in general the client proposes the highest version it supports and the server chooses a compatible version or rejects if there isn't one.  Rfc5246 basically says that the server will choose the highest version but I wanted to confirm that that's what openssl does (just to be certain).
e.g.  if the client proposes TLSv1.2 and the server supports TLSv1.2, will the server *ever* select TLSv1.1?
thanks . N

Nou Dadoun
Senior Firmware Developer, Security Specialist

Office: 604.629.5182 ext 2632 
Support: 888.281.5182  |  avigilon.com
Follow Twitter  |  Follow LinkedIn

More information about the openssl-users mailing list