SSL_CTX_set_ssl_version changes security level

NAKANO Takuho takotakot+openssl at
Mon May 11 08:01:27 UTC 2020


I've found SSL_CTX_set_ssl_version changes security level:

int main(void){
  int i;
  struct ssl_ctx_st *ctx = SSL_CTX_new(SSLv23_method());

  printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx));
  // 0--5 any

  i = SSL_CTX_set_ssl_version(ctx, SSLv23_client_method());
  printf("SSL_CTX_set_ssl_version result: %d\n", i);
  // i ==1; success

  printf("seclevel: %d\n", SSL_CTX_get_security_level(ctx));
  // result 2

  return 0;

OS: CentOS 8
OpenSSL 1.1.1c FIPS  28 May 2019

Are there any reasons?
I know SSLv23_method is deprecated. That does not matter.


More information about the openssl-users mailing list