Using SSL_CTX_set_min_proto_version

Matt Caswell matt at openssl.org
Wed Apr 7 14:52:35 UTC 2021 


On 07/04/2021 15:22, Tamara Kogan via openssl-users wrote:
> I have not found any confirmation in TLS specs that the “record layer” 
> version must be 1.0.

I did not mean to imply that the specs say that the record layer version 
*must* be 1.0. Only that that is what OpenSSL *does*.

In fact the earlier versions of the SSL/TLS specs were quite ambiguous 
and unclear on this matter. It is partly for this reason and partly 
because of a proliferation a buggy server implementations that TLS 
version negotiation became the mess that it is today.

The current OpenSSL behaviour was chosen as a result of trying to go 
with the behaviour that gives the maximum interoperability whilst being 
entirely consistent with the specs.

The TLSv1.2 RFC was more explicit about what is allowed for the record 
layer version in the ClientHello message that the earlier versions:

   "TLS clients that wish to negotiate with older servers MAY send any
    value {03,XX} as the record layer version number.  Typical values
    would be {03,00}, the lowest version number supported by the client,
    and the value of ClientHello.client_version.  No single value will
    guarantee interoperability with all old servers, but this is a
    complex topic beyond the scope of this document."


TLSv1.3 says something different about it:

    "legacy_record_version:  MUST be set to 0x0303 for all records
     generated by a TLS 1.3 implementation other than an initial
     ClientHello (i.e., one not generated after a HelloRetryRequest),
     where it MAY also be 0x0301 for compatibility purposes.  This
     field is deprecated and MUST be ignored for all purposes.
     Previous versions of TLS would use other values in this field
     under some circumstances."


> Our client failed to connect to a mail server when the server changed 
> settings and limited  TLS versions to  1.2 only. The server parsed the 
> first three bytes of ClientHello, detected 1.0 version and closed the 
> connection.

Then, IMO, this server is buggy and not consistent with the TLSv1.2 spec.

Matt

More information about the openssl-users mailing list