configuring openssl-1.1.1b with -DOPENSSL_TLS_SECURITY_LEVEL=0

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

configuring openssl-1.1.1b with -DOPENSSL_TLS_SECURITY_LEVEL=0

OpenSSL - User mailing list
Hi

Are we expect to loose the TLS_1.3 security capability if we configure the openssl-1.1.1b security level to -DOPENSSL_TLS_SECURITY_LEVEL=0 ?
or
in other words, does it makes TLS_1.3 backwards compatible ?
or
we are not using TLS_1.3  if we configure like this.

Thanks
Syed
Reply | Threaded
Open this post in threaded view
|

Re: configuring openssl-1.1.1b with -DOPENSSL_TLS_SECURITY_LEVEL=0

Matt Caswell-2


On 04/07/2019 09:09, syed moulana via openssl-users wrote:

> Are we expect to loose the TLS_1.3 security capability if we configure the
> openssl-1.1.1b security level to -DOPENSSL_TLS_SECURITY_LEVEL=0 ?
> or
> in other words, does it makes TLS_1.3 backwards compatible ?
> or
> we are not using TLS_1.3  if we configure like this.

That define should have no impact at all on whether TLSv1.3 is available or not.

Setting the default security level to 0 (instead of the default which is 1),
will mean that parameters offering less that 80 "security bits" are allowed. For
example DH keys shorter than 1024 bits would be accepted, as would ECC keys
shorter than 160 bits.

TLSv1.3 imposes its own limits irrespective of the security level. So for DH and
ECC you are only allowed to use specific parameters which would always give you
keys that are greater than the above anyway. Where TLSv1.3 is more restrictive
than the specified security level, then the TLSv1.3 restrictions still apply.

Having said all of that I would advise against setting this define at all. The
default is 1 for a reason. Allowing weaker security than that is usually a bad idea.

Matt