Order of protocols in MinProtocol

Klaus Umbach klaus+ml.openssl-users at uxix.de
Wed Jul 8 14:58:39 UTC 2020


when I set "MinProtocol" to "TLSv1.2" in openssl.cnf, DTLSv1.2 doesn't work for
the client (in my specific case openconnect).

According to https://www.openssl.org/docs/man1.1.1/man3/SSL_CONF_cmd.html,
only one value is possible, so I can't set both. The usage of "Protocol",
where I could use a list, is marked as deprecated.

If I set it to "DTLSv1.2", openconnect works fine, but why is "TLSv1.2" higher
than "DTLSv1.2" and what is the minimal version of TLS now?

How could I set the a System default "MinProtocol" for DTLS and TLS to 1.2?


More information about the openssl-users mailing list