How to disable TLS 1.3 in OpenSSL 1.1.1

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

How to disable TLS 1.3 in OpenSSL 1.1.1

Swamy J-S

I have updated my openssl from 1.1.0 to 1.1.1 recently. Openssl 1.1.1 version supports TLS1.3 feature.

But I want to use TLS 1.2 only for my application with curl 7.58 in Ubuntu 18.04. So while using openssl 1.1.1 how to disable default TLS 1.3 and how to enable TLS 1.2?

 

Can I set any flags while building openssl 1.1.1 to disable TLS 1.3 or can i get any package from ubuntu to disable TLS 1.3 ?

 

 

Thanks and Regards,

SWAMY J S

 

Reply | Threaded
Open this post in threaded view
|

Re: How to disable TLS 1.3 in OpenSSL 1.1.1

Hal Murray

> But I want to use TLS 1.2 only for my application with curl 7.58 in Ubuntu
> 18.04. So while using openssl 1.1.1 how to disable default TLS 1.3 and how
> to enable TLS 1.2?

Just curious.  Why do you want to disable TLS 1.3?  It will automagically use
1.2 if that's all the other end supports.  Why not use 1.3 if both ends
support it?


> Can I set any flags while building openssl 1.1.1 to disable TLS 1.3 or can
> i get any package from ubuntu to disable TLS 1.3 ?

You can do it at run time using SSL_set_max_proto_version


--
These are my opinions.  I hate spam.



Reply | Threaded
Open this post in threaded view
|

Re: How to disable TLS 1.3 in OpenSSL 1.1.1

Viktor Dukhovni


> On Mar 21, 2019, at 2:14 AM, Hal Murray <[hidden email]> wrote:
>
>> Can I set any flags while building openssl 1.1.1 to disable TLS 1.3 or can
>> i get any package from ubuntu to disable TLS 1.3 ?
>
> You can do it at run time using SSL_set_max_proto_version

It can also be set in the system-wide default openssl.cnf file.

--
        Viktor.