TLS Version in Record Layer using OpenSSL 1.1.1

Michael Lee Michael.Lee2 at
Fri Jun 2 23:22:18 UTC 2023

Hello Matt Caswell:

Regarding your remark from
Basically the record version is never greater than TLSv1.2. If we're in
an initial ClientHello (not a renegotiation or an HRR) and the max
version is > TLSv1.0 then the record version is fixed at TLSv1.0 for the
ClientHello record.

Do you know if this "fixed at TLSv1.0" restriction is relaxed with OpenSSL 3?
We have packets that are being blocked by firewall due to the TLS 1.0 signature.
We desperately need to change the Record Layer version to TLS 1.2 somehow.

-Mike Lee

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list