Request for Recommended OpenSSL SSL_CTX Settings for Cross-Platform Client-Server Communication

62 views
Skip to first unread message

Siddharth Dash

unread,
Jul 12, 2025, 3:59:12 AM7/12/25
to openss...@openssl.org

We are developing a cross-platform TLS-secured communication system where OpenSSL acts as both a client and a server, interfacing with different environments (Windows Schannel, Linux, etc.).

To ensure robust security, compatibility, and performance, we seek recommendations for optimal SSL_CTX configurations for both client and server setups. 

We appreciate any best practices, sample configurations, or references to ensure secure and interoperable TLS communication across platforms.


--
Regards,
Siddharth

Michael Richardson

unread,
Jul 12, 2025, 1:34:12 PM7/12/25
to Siddharth Dash, openss...@openssl.org

Siddharth Dash <siddha...@gmail.com> wrote:
> We are developing a *cross-platform TLS-secured communication system* where
> OpenSSL acts as both a *client* and a *server*, interfacing with different
> environments (Windows Schannel, Linux, etc.).

So, it's all OpenSSL 3.x, and no other implementations?
And no communication with outside systems, like HTTPS://public.stuff/
You mention microsoft Schannel, so I think it's not just openssl.
(OTH, I've encountered microsoft trained managers who assumed they were using
Schannel, but they turned out to be using obsolete openssl1.0)

> To ensure *robust security, compatibility, and performance*, we seek
> recommendations for optimal *SSL_CTX configurations* for both *client and
> server* setups.

The defaults are really pretty good. And by not overriding that, you'll get
updates as OpenSSL does the right thing.
You'll get TLS 1.3 with modern crypto, with fallback to TLS 1.2.
You could turn off TLS 1.2 if this is totally openssl greenfield.

> We appreciate any *best practices, sample configurations, or references* to
> ensure secure and interoperable TLS communication across platforms.

Generally, you should think more about how *you* authenticate your TLS
connections, rather than how openssl acts. If you are using the same pinned
TLS certificate+private key (I've seen this many times, including copying
a private key associated with a wildcard certificate everywhere), then that's
a bigger concern then anything OpenSSL is doing. TLS w/PSK authentication
can seem convenient at first, but upon disclosure, it's the hardest to
recover from.


signature.asc
Reply all
Reply to author
Forward
0 new messages