[EXTERNAL] Re: Openssl TLSv1.3 ciphers failing during handshake
matt at openssl.org
Wed Jul 12 10:12:01 UTC 2023
Yes, TLSv1_client_method() is deprecated for exactly this reason.
On 12/07/2023 10:54, kgoudra at ups.com wrote:
> Just noticed we are passing TLSv1_client_method().
> I changed it to TLS_client_method() now, after which I am able to make connection with TLSv1.3
> Thanks for your guidance!
> -----Original Message-----
> From: openssl-users <openssl-users-bounces at openssl.org> On Behalf Of Matt Caswell
> Sent: Wednesday, July 12, 2023 3:11 AM
> To: openssl-users at openssl.org
> Subject: [EXTERNAL] Re: Openssl TLSv1.3 ciphers failing during handshake
> CAUTION! This email originated outside of the organization. Please do not open attachments or click links from an unknown or suspicious origin.
> On 12/07/2023 09:06, kgoudra--- via openssl-users wrote:
>> ciphers available:ssl/statem/statem_clnt.c:3802:No ciphers enabled for
>> max supported SSL/TLS version
> This tells us that it thinks you have not configured any ciphers suitable for the highest TLS protocol version it thinks it can use.
>> *const char *cipher_list =
>> *SSL_CTX_set_cipher_list(pCtx, "");*
>> *SSL_CTX_set_ciphersuites(pCtx, cipher_list);*
> This disables all ciphers for <= TLSv1.2 - which would be consistent with the above error message if it believes that the highest protocol version it supports is <= TLSv1.2.
> What SSL_METHOD are you using in the client when you create the SSL_CTX?
> i.e. what parameter do you pass to `SSL_CTX_new()`?
More information about the openssl-users