Order of protocols in MinProtocol
Matt Caswell
matt at openssl.org
Wed Jul 8 15:36:55 UTC 2020
On 08/07/2020 16:28, Viktor Dukhovni wrote:
>> How could I set the a System default "MinProtocol" for DTLS and TLS to 1.2?
>
> AFAIK, that's not presently possible. You can specify application
> profiles, for applications that specify an application name when
> initializing OpenSSL. Or use the OPENSSL_CONF environment variable to
> select an alternative configuration file for DTLS applications.
>
Arguably, that is a bug. You *should* be able to do that - perhaps based
on some sensible mapping between TLS protocol versions based on whether
we have a DTLS or TLS based SSL_METHOD.
Matt
More information about the openssl-users
mailing list