[openssl-users] Query on API availability for openssl versions
Grace Priscilla Jero
grace.priscilla at gmail.com
Tue Oct 17 09:01:37 UTC 2017
Thank you Matt for the quick response.
For "2," does it mean that every cipher suite can operate in multiple
I thought that there were specific set of cipher suites operating in each
of the levels.
On Tue, Oct 17, 2017 at 2:25 PM, Matt Caswell <matt at openssl.org> wrote:
> On 17/10/17 09:21, Grace Priscilla Jero wrote:
> > Hi All,
> > 1)
> > The below APIs used to set the maximum and minimum versions are
> > available in 1.1.0f version of OPENSSL.
> > int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, int version);
> > int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, int version);
> > int SSL_set_min_proto_version(SSL *ssl, int version);
> > int SSL_set_max_proto_version(SSL *ssl, int version);
> > Do you have the same in any of the 1.0.2x threads or plan to have it in
> > any later versions. We don't see it available in 1.0.2k or 1.0.2l
> > versions. Kindly update us on the same.
> These APIs were first introduced into 1.1.0, and we intend to continue
> to support them moving forward in future versions. However they will not
> be backported to the 1.0.2 branch. We do not add new features to a
> stable branch.
> In 1.0.2 you must use the options SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1,
> SSL_OP_NO_TLSv1_1 and SSL_OP_NO_TLSv1_2 via the SSL_CTX_set_options() or
> SSL_set_options() functions.
> > 2)
> > There are a set of APIs to set/get security level wherein each level
> > supports a set of cipher suites. Is there something available in OPENSSL
> > wherein I can get the level and set it when I provide a cipher suite.
> > We have a case where we give the user a provision to provide his own
> > list of cipher suites and we need to set the appropriate level in the
> > API so that we support it for the connections. Kindly provide your
> You can set the security level via the cipher string using the special
> cipher string command "@SECLEVEL". For example to set all default
> ciphersuites at security level 2 or above you can use:
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the openssl-users