[Libwebsockets] 答复: a question about TLS version in libwebsockets 4.0.

Andy Green andy at warmcat.com
Tue Sep 1 15:37:55 CEST 2020



On 9/1/20 2:20 PM, huangkaicheng wrote:
> Hi, we use libwebsockets with openssl. And we want to know what is
> the tls version that websockets is using default?  TLS1.0 ? Is there
> a way to set TLS version,  we cannot find the method to set TLS
> version. please help to anwer for me. Thanks.
> 

If you're using OpenSSL, you can control the SSL CTX options set or 
cleared when creating the vhost (which is set by the context creation 
info struct if you use the default vhost).  For client CTX

https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-context-vhost.h#n504-507

and for server CTX

https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-context-vhost.h#n435-438

use a bitfield OR-ing together the OpenSSL constants like

SSL_OP_NO_SSLv3
SSL_OP_NO_TLSv1
SSL_OP_NO_TLSv1_1
SSL_OP_NO_TLSv1_2
SSL_OP_NO_TLSv1_3

See here for a list of available option bitfields in OpenSSL

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_options.html

-Andy


More information about the Libwebsockets mailing list