On Thu, Apr 25, 2013 at 04:40:12AM -0700, Cipher wrote:
> For FIPS work, we are planning to support only TLSv1.2 ciphers. Is there a
> configuration option to use *only* TLSv1.2 ciphers?
You say ciphers here.
> we are using apache/mod_ssl engine(v 2.2.16). *SSLProtocol* directive does
> not support TLSv1.1/TLSv1.2 option.
And then protocols here. Which do you want, the protocol or the ciphers?
> if there is no config option, which functions need to be changed to support
> only TLSv1.2 in FIPS mode?(If the list is not so long)
> any inputs are highly appreciated.
I am not aware of any "config" option. At runtime you can call:
SSL_CTX_set_options() with an argument of:
SSP_OP_NO_SSLv2|
SSL_OP_NO_SSLv3|
SSL_OP_NO_TLSv1|
SSL_OP_NO_TLSv1_1
--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager majord...@openssl.org
