[Libwebsockets] TLS version

Andy Green andy at warmcat.com
Thu Jun 9 11:42:04 CEST 2016

On 06/09/2016 03:36 PM, Ondra Čopák wrote:
> Hello,
> I have a question regarding TLS version when OpenSSL is used.
> I see that it is possible to specify the allowed ciphers by using the
> ssl_cipher_list.
> Is it also possible to specify which TLS protocol versions are supported
> (for example allow only TLS1.2)?
> Seems to me that it is hard-coded now for all but SSLv2 and SSLv3 .
> ssl-server.c, lws_context_init_server_ssl()
> SSL_CTX_set_options(vhost->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

That does seem to be how it is atm.

It looks like this can do what you suggest


by passing another magic runtime string as we do for the ciphers.

Is that going to hit the spot?


> Thank you.
> Best regards,
> Ondrej
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> http://libwebsockets.org/mailman/listinfo/libwebsockets

More information about the Libwebsockets mailing list