[openssl-users] Query regarding upgrading TLS compatibility

Mon Apr 3 22:15:33 UTC 2017

> On Apr 3, 2017, at 5:58 PM, Benjamin Kaduk via openssl-users <openssl-users at openssl.org> wrote:
> 
>> I have an query regarding TLS compatibility used in my application. Currently we are using TLS1.2 to connect to a third party sever. Is there any way to always use the highest TLS available version without modifying or recompiling the application code whenever there is any new version of TLS released.
> 
> The closest you can come is to use TLS_method() (or the client- or server-specific version of it), which will prefer the highest version supported by the library, but also be able to use older versions if needed in order to interoperate with the peer.  It's not entirely clear whether your question was about restricting to specifically the highest version, to the exclusion of older versions.

I would phrase this more forcefully.  The correct way to do exactly what the
OP asked for is to use TLS_method() and friends with OpenSSL 1.1.0 or later,
or its OpenSSL 1.0.x equivalents SSLv23_method() and friends.

https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_new.html
https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_new.html

TLS is downgrade-resistant, so there's no need to restrict to just
the most recent version.  Just disable all the obsolete versions that
have exposure to known attacks, currently SSLv2 and SSLv3.

Already with TLS 1.0 negotiation to the highest mutually supported
version should not be subject to downgrade attacks.  However, if
all the expected peers support TLS 1.2, one can also disable TLS 1.0
and TLS 1.1.

  https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html
  https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_set_options.html

-- 
	Viktor.

-- 
	Viktor.