[openssl-users] Working around servers requiring SSL 2/3 record layer, and using TLS 1.2?

Jeffrey Walton

Feb 10, 2016, 9:04:25 PM
How do we work around a server that seems to require SSLv23_method?
That is, they accept the SSLv3 record layer and TLS 1.2 protocol, but
they reject record layers and protocols that only specify TLS 1.2?

As far as I know, there are no constants for TLS 1.0 and 1.1, so we
can't extend this in clients:

const SSL_METHOD* method = SSLv23_method();  /* version-flexible method */
SSL_CTX* ctx = SSL_CTX_new(method);
...

/* disable the versions we do not want, plus compression */
const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_NO_COMPRESSION;
SSL_CTX_set_options(ctx, flags);

Thanks in advance.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Viktor Dukhovni

Feb 10, 2016, 9:15:05 PM

> On Feb 10, 2016, at 9:03 PM, Jeffrey Walton <nolo...@gmail.com> wrote:
>
> How do we work around a server that seems to require SSLv23_method?

Don't think of this as a work-around. You SHOULD use the version-flexible
method (renamed from SSLv23_method() to TLS_method() in master).

You should then disable unwanted protocols that are too weak. In master
use the new min/max version controls and avoid the SSL_OP_NO_<some_version>
macros. In 1.0.x, use the macros to disable some contiguous set of protocol
versions starting at SSLv2.

--
Viktor.

Jeffrey Walton

Feb 10, 2016, 9:29:44 PM
>> How do we work around a server that seems to require SSLv23_method?
>
> Don't think of this as a work-around. You SHOULD use the version-flexible
> method (renamed from SSLv23_method() to TLS_method() in master).
>
> You should then disable unwanted protocols that are too weak. In master
> use the new min/max version controls and avoid the SSL_OP_NO_<some_version>
> macros. In 1.0.x, use the macros to disable some contiguous set of protocol
> versions starting at SSLv2.
>
Thanks Viktor. It sounds like Master is in good working order. Is
there anything that can be done with OpenSSL 1.0.2?

Jeff

Viktor Dukhovni

Feb 10, 2016, 9:55:15 PM

> On Feb 10, 2016, at 9:28 PM, Jeffrey Walton <nolo...@gmail.com> wrote:
>
>> You should then disable unwanted protocols that are too weak. In master
>> use the new min/max version controls and avoid the SSL_OP_NO_<some_version>
>> macros. In 1.0.x, use the macros to disable some contiguous set of protocol
>> versions starting at SSLv2.
>>
> Thanks Viktor. It sounds like Master is in good working order. Is
> there anything that can be done with OpenSSL 1.0.2?

Use SSLv23_method() (or SSLv23_client_method() if you prefer) and disable
unwanted protocols via the SSL_OP_NO_<someversion> macros, making sure to
disable each of SSLv2, SSLv3, ... up to some last protocol version you
want to disable without leaving any gaps. That is, don't make the mistake
of disabling SSLv2 and TLSv1 while leaving SSLv3 enabled, which creates
"holes" in the range of supported protocols (in this case TLSv1 is a "hole"
between SSLv3 and TLSv1.1).

--
Viktor.

Kurt Roeckx

Feb 11, 2016, 2:20:59 AM
On Wed, Feb 10, 2016 at 09:03:35PM -0500, Jeffrey Walton wrote:
> As far as I know, there are no constants for TLS 1.0 and 1.1, so we
> can't extend this in clients:
>
> const SSL_METHOD* method = SSLv23_method();
> ctx = SSL_CTX_new(method);
> ...
>
> const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
> SSL_OP_NO_COMPRESSION;
> SSL_CTX_set_options(ctx, flags);

The constants for TLS 1.0, 1.1 and 1.2 exist too. But I don't
think they're all documented in the 1.0.2 branch.

# define SSL_OP_NO_SSLv2 0x01000000L
# define SSL_OP_NO_SSLv3 0x02000000L
# define SSL_OP_NO_TLSv1 0x04000000L
# define SSL_OP_NO_TLSv1_2 0x08000000L
# define SSL_OP_NO_TLSv1_1 0x10000000L



Kurt
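To make Viktor's "no holes" rule and Kurt's list of option bits concrete, here is an added example in C; it is not code from the thread or from OpenSSL. It builds the SSL_OP_NO_* mask that disables every version below a chosen minimum (always a contiguous set starting at SSLv2) and checks an arbitrary mask both for a hole (an enabled version between two disabled ones) and for the stricter prefix rule. The enum and function names are my own; the constant values are the ones Kurt quotes from the 1.0.2 headers and are defined locally only when <openssl/ssl.h> has not been included, so the file builds and runs without libssl.

```c
#include <stdio.h>

/* OpenSSL 1.0.2 option bits, as quoted in the thread. Defined here only if
 * <openssl/ssl.h> has not already defined them, so this runs without libssl. */
#ifndef SSL_OP_NO_SSLv2
# define SSL_OP_NO_SSLv2   0x01000000L
# define SSL_OP_NO_SSLv3   0x02000000L
# define SSL_OP_NO_TLSv1   0x04000000L
# define SSL_OP_NO_TLSv1_2 0x08000000L
# define SSL_OP_NO_TLSv1_1 0x10000000L
#endif

/* Protocol versions from oldest to newest (hypothetical names, not OpenSSL's).
 * The bit values are NOT in this order (TLSv1_2's bit is below TLSv1_1's),
 * which is why the ordering is kept explicitly here. */
enum proto_version { PV_SSL2 = 0, PV_SSL3, PV_TLS1_0, PV_TLS1_1, PV_TLS1_2,
                     PV_COUNT };

static const long no_flag[PV_COUNT] = {
    SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1,
    SSL_OP_NO_TLSv1_1, SSL_OP_NO_TLSv1_2
};

static const char *const proto_name[PV_COUNT] = {
    "SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"
};

/* Mask that disables every version older than min_version. The disabled set
 * always starts at SSLv2 and is contiguous, the shape the thread recommends. */
long options_for_min_version(enum proto_version min_version)
{
    long opts = 0;
    int i;
    for (i = 0; i < (int)min_version && i < PV_COUNT; i++)
        opts |= no_flag[i];
    return opts;
}

/* 1 if an enabled version sits between two disabled ones (the "SSLv2 and
 * TLSv1 off, SSLv3 on" mistake from the thread), else 0. */
int has_version_hole(long opts)
{
    int seen_disabled = 0, seen_enabled_after_disabled = 0, i;
    for (i = 0; i < PV_COUNT; i++) {
        if (opts & no_flag[i]) {
            if (seen_enabled_after_disabled)
                return 1;
            seen_disabled = 1;
        } else if (seen_disabled) {
            seen_enabled_after_disabled = 1;
        }
    }
    return 0;
}

/* 1 if the disabled versions are exactly SSLv2 .. some version X, with
 * nothing disabled above the first enabled version, else 0. This is the
 * stricter "contiguous set starting at SSLv2" rule from the thread. */
int disabled_set_is_prefix(long opts)
{
    int seen_enabled = 0, i;
    for (i = 0; i < PV_COUNT; i++) {
        if (opts & no_flag[i]) {
            if (seen_enabled)
                return 0;
        } else {
            seen_enabled = 1;
        }
    }
    return 1;
}

static void describe(const char *label, long opts)
{
    int i;
    printf("%-28s 0x%08lx  enabled:", label, opts);
    for (i = 0; i < PV_COUNT; i++)
        if (!(opts & no_flag[i]))
            printf(" %s", proto_name[i]);
    printf("  hole=%d prefix=%d\n", has_version_hole(opts),
           disabled_set_is_prefix(opts));
}

int main(void)
{
    /* A TLS 1.2-only client, the case from the original question. */
    describe("min TLSv1.2", options_for_min_version(PV_TLS1_2));
    /* The mistake the thread warns about: TLSv1 disabled, SSLv3 left on. */
    describe("SSLv2+TLSv1 off, SSLv3 on", SSL_OP_NO_SSLv2 | SSL_OP_NO_TLSv1);
    return 0;
}
```

In a 1.0.2 client the returned mask is what goes into SSL_CTX_set_options(), for example SSL_CTX_set_options(ctx, options_for_min_version(PV_TLS1_2) | SSL_OP_NO_COMPRESSION) on a context created from SSLv23_method(); the two checks are worth running on any mask assembled by hand before it reaches that call. The min/max controls Viktor refers to for master shipped in 1.1.0 as SSL_CTX_set_min_proto_version() and SSL_CTX_set_max_proto_version(), which take version constants such as TLS1_2_VERSION rather than option bits and therefore cannot express a hole at all.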