I have the following source to connect to a websocket server using the TLS/SSL protocol:

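```c
#include <openssl/ssl.h>

/* Per-connection TLS state */
struct sessionTLS {
    int sid;
    SSL_CTX *ctx;
    SSL *ssl;
};

struct sessionTLS tls;
/* Version-flexible client method: the protocol version is negotiated */
tls.ctx = SSL_CTX_new(TLS_client_method());
```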

According to the LibreSSL manual: https://man.openbsd.org/SSL_CTX_new.3

> TLS_method(), TLS_server_method(), TLS_client_method()
>
> These are the general-purpose version-flexible SSL/TLS methods. The actual protocol version used will be negotiated to the highest version mutually supported by the client and the server. The supported protocols are TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3. Applications should use these methods and avoid the version-specific methods described below.

Then I would like to know how to find out what the actual protocol is. After the negotiation is done between server and client, there should be some message that shows, for example, that SSLv3 is the protocol, TLSv1 is the protocol, or something else.

I am brand new to TLS/SSL; any suggestions or information are greatly appreciated.

barfatchen
  • I'm not sure what you are asking. Do you want to know how the TLS protocol version gets determined in the first place, how you can check it from the TLS traffic or how you can check the final version from your C code? – Steffen Ullrich Jun 19 '20 at 10:44
  • [SSL_get_session](https://man.openbsd.org/SSL_get_session.3) plus [SSL_SESSION_get_protocol_version](https://man.openbsd.org/SSL_SESSION_get_protocol_version.3) then optionally use the literals from `tls1.h`. Also, SSLv3 is completely broken and should not be used (OpenSSL>=1.1.0 excludes it at build time by default, but I don't know about Libre), and TLSv1.0 (which OpenSSL/LibreSSL calls just TLSv1) is marginal and widely deprecated or forbidden. – dave_thompson_085 Jun 19 '20 at 11:01
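
The comments above distinguish checking the version from C code and checking it from the TLS traffic. As an added example (not part of the question or its comments), this C program does the latter for one record that carries a complete ServerHello, including the TLS 1.3 case where the real version sits in the `supported_versions` extension rather than in the legacy version field. The function names and the sample bytes are constructed for illustration; the numeric values are the same ones the `tls1.h` literals use.

```c
#include <stddef.h>
#include <stdio.h>

/* Wire values; SSL3_VERSION..TLS1_3_VERSION in the library headers use the same numbers. */
const char *tls_version_name(int v) {
    switch (v) {
    case 0x0300: return "SSLv3";
    case 0x0301: return "TLSv1";
    case 0x0302: return "TLSv1.1";
    case 0x0303: return "TLSv1.2";
    case 0x0304: return "TLSv1.3";
    default:     return "unknown";
    }
}

/* Constructed sample: minimal TLS 1.3 ServerHello (zero random, no key_share). */
const unsigned char sample_tls13_hello[] = {
    0x16, 0x03, 0x03, 0x00, 0x32,             /* record: handshake, 50 bytes */
    0x02, 0x00, 0x00, 0x2e, 0x03, 0x03,       /* ServerHello, 46-byte body, legacy TLSv1.2 */
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,         /* random (32 bytes) */
    0,0,0,0,0,0,0,0, 0,0,0,0,0,0,0,0,
    0x00, 0x13, 0x01, 0x00,                   /* empty session id, suite, compression */
    0x00, 0x06, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04 /* supported_versions: TLSv1.3 */
};

/* Negotiated version from one record holding a whole ServerHello; -1 if malformed. */
int server_hello_version(const unsigned char *p, size_t len) {
    size_t off, end, ext_end, elen;
    if (len < 44 || p[0] != 0x16 || p[5] != 0x02) return -1; /* not a ServerHello */
    end = 9 + (((size_t)p[6] << 16) | ((size_t)p[7] << 8) | p[8]);
    off = 43 + 1 + (size_t)p[43] + 3;         /* skip session id, suite, compression */
    if (end > len || off > end) return -1;
    if (off == end) return (p[9] << 8) | p[10];   /* no extensions: TLS <= 1.2 */
    if (off + 2 > end) return -1;
    ext_end = off + 2 + (((size_t)p[off] << 8) | p[off + 1]);
    if (ext_end > end) return -1;
    for (off += 2; off + 4 <= ext_end; off += 4 + elen) {
        elen = ((size_t)p[off + 2] << 8) | p[off + 3];
        if (off + 4 + elen > ext_end) return -1;
        if (p[off] == 0x00 && p[off + 1] == 0x2b && elen == 2)
            return (p[off + 4] << 8) | p[off + 5];  /* TLS 1.3 selected_version */
    }
    return (p[9] << 8) | p[10];               /* legacy_version is the real one */
}

int main(void) {
    int v = server_hello_version(sample_tls13_hello, sizeof sample_tls13_hello);
    printf("negotiated: %s (0x%04x)\n", tls_version_name(v), (unsigned)v);
    return 0;
}
```
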

0 Answers