Order of protocols in MinProtocol
matt at openssl.org
Wed Jul 8 15:36:55 UTC 2020
On 08/07/2020 16:28, Viktor Dukhovni wrote:
>> How could I set the a System default "MinProtocol" for DTLS and TLS to 1.2?
> AFAIK, that's not presently possible. You can specify application
> profiles, for applications that specify an application name when
> initializing OpenSSL. Or use the OPENSSL_CONF environment variable to
> select an alternative configuration file for DTLS applications.
Arguably, that is a bug. You *should* be able to do that - perhaps based
on some sensible mapping between TLS protocol versions based on whether
we have a DTLS or TLS based SSL_METHOD.
More information about the openssl-users