3

I am updating the OpenSSL libraries in my application to version 1.0.2c.

This version supports the TLS 1.0, TLS 1.1 and TLS 1.2 as well the SSL 3.0. I would like to configure my application to automatic negotiate the highest version possible.

I have read the documentation provided in https://www.openssl.org/docs/ssl/SSL_CTX_new.html which says that the TLS_method, TLS_client_method and TLS_server_method methods can do this.

But in the Windows distribution (avaliable in https://www.openssl.org/related/binaries.html) the ssleay32.dll does not export the methods TLS_method, TLS_client_method and TLS_server_method. Other methods, like TLSv1_method, TLSv1_1_method and TLSv1_2_method are exported. However those only accepts a specific version.

What method should I use in order to make the version negotiation automatic? Or should I choose the version at runtime?

Stephan Dieter Bieging
  • 33
  • 1
  • 5
  • What version of OpenSSL are you using? – jww Jun 17 '15 at 20:08
  • I am using OpenSSL 1.0.2c. – Stephan Dieter Bieging Jun 18 '15 at 14:28
  • 1
    The `TLS_(client|server)_method()` functions were added in OpenSSL 1.1.0. For 1.0.2 and earlier, you have to use the older `..._method()` functions (`TLSv1_(client|server)_method()`, `TLSv1_1_(client|server)_method()`, `TLSv1_2_(client|server)_method()`, etc). For version negotiation, you can use `SSLv23_(client|server)_method()`. – Remy Lebeau Jul 10 '18 at 18:46

1 Answers1

0

I would like to configure my application to automatic negotiate the highest version possible.

Use the following code from SSL/TLS Client on the OpenSSL wiki:

const SSL_METHOD* method = SSLv23_method();
if(method == NULL) handleFailure();

ctx = SSL_CTX_new(method);
if(ctx == NULL) handleFailure();

/* Cannot fail ??? */
const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_COMPRESSION;
SSL_CTX_set_options(ctx, flags);

It gets you "TLS 1.0 and above".

Note the lower bound really provides a TLS record layer version of TLS 1.0. The upper bound is the TLS client version of TLS 1.2. The record layer carries the encrypted payload. And the SSLv23_method gets you a ClientHello in a particular format (for SSLv3 and above).

Implying the lower bound from the record layer version is how most folks use it, but its not how the standard is written. And the TLS Working Group appears to refuse to provide it that way. The effective argument given is "suppose a client want to use TLS 1.0, 1.2 and 1.3, but not 1.1". I don't know anyone who drops a protocol version like that, so its just a strawman to me.

You can read more about it at one of the answer to Check Server security protocol using openssl.

Related, you should use this cipher suite list:

const char* const PREFERRED_CIPHERS = "HIGH:!aNULL:!MD5:!RC4";
res = SSL_set_cipher_list(ssl, PREFERRED_CIPHERS);
if(res != 1) handleFailure();

As a matter of fact, RSA key transport is no longer favored by the security community, so the following may even be a better choice when using a certificate with a RSA key:

"HIGH:!aNULL:!MD5:!RC4:!kRSA";

The cipher string will provide mostly contemporary security, and it will avoid the obsolete cryptography warning.

Community
  • 1
  • 1
jww
  • 97,681
  • 90
  • 411
  • 885
  • 1
    In the Windows distribution, `ssleay32.dll` does not export `SSL_CTX_set_options`. I could not find that function in the exports section. Is there any other function to set the options? – Stephan Dieter Bieging Jun 17 '15 at 19:19
  • @Stephan - its a macro. – jww Jun 18 '15 at 17:41
  • I have read the bug report that you wrote. I checked `ssl.h` source code and I will try using the function `SSL_CTX_ctrl` to send the options you mentioned above. – Stephan Dieter Bieging Jun 18 '15 at 19:00
  • This solution worked for me after removing the call `SSL_CTX_set_cipher_list` with the value `'ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP'`. Now I can connect to a server using `SSL 3.0`, `TLS 1`, `TLS 1.1` and `TLS 1.2`. – Stephan Dieter Bieging Jul 09 '15 at 18:55
  • @StephanDieterBieging - `+SSLv2` should *not* show up in a cipher list. You add or remove that with a `SSL_OP_*` option using [`SSL_ctx_set_options`](https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html) and friends. For options and setting up a context, see [Setting up TLS1.2 connection which supports SNI](http://stackoverflow.com/a/24415607/608639). For your cipher list, use *`"HIGH:!ADH:!RC4:!MD5"`*. – jww Jul 10 '15 at 23:27