[Libwebsockets] TLS version

Andy Green andy at warmcat.com
Thu Jun 9 11:42:04 CEST 2016



On 06/09/2016 03:36 PM, Ondra Čopák wrote:
> Hello,
>
> I have a question regarding TLS version when OpenSSL is used.
> I see that it is possible to specify the allowed ciphers by using the
> ssl_cipher_list.
>
> Is it also possible to specify which TLS protocol versions are supported
> (for example allow only TLS1.2)?
>
> Seems to me that it is hard-coded now for all but SSLv2 and SSLv3 .
>
> ssl-server.c, lws_context_init_server_ssl()
> SSL_CTX_set_options(vhost->ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);

That does seem to be how it is atm.

It looks like this can do what you suggest

https://www.openssl.org/docs/manmaster/ssl/SSL_CONF_cmd.html

by passing another magic runtime string as we do for the ciphers.

Is that going to hit the spot?

-Andy

> Thank you.
>
> Best regards,
> Ondrej
>
>
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> http://libwebsockets.org/mailman/listinfo/libwebsockets
>



More information about the Libwebsockets mailing list