Quantcast

TLSv1_2_method

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

TLSv1_2_method

Lei Kong

Can processes running with TLSv1_2_method talk to processes running with something older, e.g. TLSv1_1_method? Along the same lines, will new TLS versions be backward compatible with TLSv1_2_method ?

 

I would like to make my code proof, is there something like TLS_latest_method()?

 

I have a cluster of nodes that talk to each other with TLS, currently the version is hardcoded to TLSv1_2_method. Suppose TLSv1_2 is deprecated by TLS_new one day, I update my service to use TLS_new node by node, during this time, some old nodes are running with TLSv1_2, some new nodes are running with new TLS_new, will the communication between old and new nodes work?

 

Thanks.

 


--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: TLSv1_2_method

Viktor Dukhovni

> On Mar 24, 2017, at 5:51 PM, Lei Kong <[hidden email]> wrote:
>
> TLS_latest_method

https://www.openssl.org/docs/man1.1.0/ssl/SSL_CTX_new.html

   ...

   TLS_method(), TLS_server_method(), TLS_client_method()

   These are the general-purpose version-flexible SSL/TLS methods.
   The actual protocol version used will be negotiated to the
   highest version mutually supported by the client and the server.
   The supported protocols are SSLv3, TLSv1, TLSv1.1 and TLSv1.2.
   Applications should use these methods, and avoid the version-specific
   methods described below.

With OpenSSL 1.0.2 these are called SSLv23_method(), ...

   https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_new.html

--
        Viktor.

--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
Loading...