
List:       openssl-users
Subject:    Re: [openssl-users] OPENSSL_VERSION_NUMBER and TLSv1_1 & TLSv1_2 supports
From:       Jakob Bohm <jb-openssl () wisemo ! com>
Date:       2015-09-18 17:34:43
Message-ID: 55FC4B33.8030902 () wisemo ! com

On 18/09/2015 18:05, zosrothko wrote:
> Hi
>
> is there a way to know the supported TLS protocols from the
> OPENSSL_VERSION_NUMBER (specifically, the TLSv1_1 and TLSv1_2)?
>
> For example, I have code that is using TLSv1_1_client_method &
> TLSv1_1_server_method for an OPENSSL_VERSION_NUMBER = 0x1000201fL, but
> I need to protect those TLSv1_1 and TLSv1_2 entry point references
> when my code is ported to a previous version of OpenSSL that does
> not support those TLS versions, such as the 1.0.0k version.
>
> Since there is no OPEN_SSL_NO_TLSv1_1 constant nor OPEN_SSL_NO_TLSv1_2 
> constant in the ssl.h(1.0.0k), I would like to use the 
> OPENSSL_VERSION_NUMBER to protect the references.
>
The numeric value of OPENSSL_VERSION_NUMBER maps directly
to the textual version number ("1.0.0k"); look in the
official changelogs for each branch (0.9.8, 1.0.0, 1.0.1,
1.0.2, 1.1.0 etc.) to see at which comparison limits any given
feature was installed.

Or, since you are using the version number of the header
files, not the version of the runtime shared library, you
can simply use ifdef tests for relevant defines existing,
e.g.

#if defined(SSL_OP_NO_TLSv1_1) && !defined(OPENSSL_NO_TLS1)
/* SSL_OP_NO_TLSv1_1 is defined in ssl.h if the library version
 * supports TLSv1.1 .
 *
 * OPENSSL_NO_TLS1 is defined in opensslconf.h or on the
 * compiler command line if TLS1.x was removed at OpenSSL
 * library build time via Configure options.
 */
/* Code that requires headers from a TLSv1.1 capable OpenSSL
 * goes here.
 */
#endif

Enjoy

Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
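
Added example (not part of the message above, nor OpenSSL's own code): the version-number comparison from the question set beside the header-define test from the reply. It assumes the pre-3.0 OPENSSL_VERSION_NUMBER layout 0xMNNFFPPS and the 1.0.1 branch as the threshold for TLSv1.1/1.2; WITH_OPENSSL_HEADERS, VER_1_0_1 and the function names are hypothetical, and 0x100000bf and 0x1000100f are constructed sample values.

```c
#include <stdio.h>
#include <string.h>
#ifdef WITH_OPENSSL_HEADERS /* hypothetical switch for this example only */
#include <openssl/ssl.h>
#endif

/* Assumed threshold: the 1.0.1 branch, where TLSv1.1/1.2 first appear. */
#define VER_1_0_1 0x10001000UL

/* Decode 0xMNNFFPPS into "M.N.F[letter][-dev|-betaN]". */
static char *ossl_version_text(unsigned long v, char *out, size_t len)
{
    unsigned fix = (v >> 12) & 0xff, patch = (v >> 4) & 0xff, status = v & 0xf;
    int n = snprintf(out, len, "%u.%u.%u",
                     (unsigned)((v >> 28) & 0xf), (unsigned)((v >> 20) & 0xff), fix);
    if (n < 0 || (size_t)n + 2 > len)
        return out;                        /* no room for a suffix */
    if (patch >= 1 && patch <= 26) {       /* 0x01 -> 'a', 0x0b -> 'k' */
        out[n++] = (char)('a' + patch - 1); out[n] = '\0';
    }
    if (status == 0x0)
        snprintf(out + n, len - (size_t)n, "-dev");
    else if (status != 0xf)                /* 0xf marks a release */
        snprintf(out + n, len - (size_t)n, "-beta%u", status);
    return out;
}

/* The version-number comparison the question asks about. */
static int version_has_tls11(unsigned long v) { return v >= VER_1_0_1; }

/* The header-define test from the reply; 0 when no OpenSSL header is included. */
static int headers_have_tls11(void)
{
#if defined(SSL_OP_NO_TLSv1_1) && !defined(OPENSSL_NO_TLS1)
    return 1;
#else
    return 0;
#endif
}

int main(void)
{
    const unsigned long s[] = { 0x1000201fUL, 0x100000bfUL, 0x1000100fUL };
    char buf[32];
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("0x%08lx = %s, version test: %d\n", s[i],
               ossl_version_text(s[i], buf, sizeof buf), version_has_tls11(s[i]));
    printf("header-define test: %d\n", headers_have_tls11());
    return 0;
}
```

Both tests look only at the headers seen at compile time; neither says which shared library is loaded at run time.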




