[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: Something like SSL_CTX_set_alpn_select_cb for ciphers and ssl/tls protocol version
From:       Matt Caswell <matt () openssl ! org>
Date:       2019-06-18 10:04:26
Message-ID: 1d247933-c138-9c8c-299d-869ec2d82218 () openssl ! org
[Download RAW message or body]



On 18/06/2019 10:13, Alexander Gryanko wrote:
> Hello,  
> 
> I'm looking for the way to do something like SSL_CTX_set_alpn_select_cb but for
> ciphers and ssl/tls protocol version. As I see ssl_choose_server_version and
> ssl3_choose_cipher has no any callbacks in tls_early_post_process_client_hello.
> Is there any way to disable protocols for some cases? Something like A/B testing
> with 50% of traffic with enabled Chacha20 and 50% of traffic with disabled.

If you are using OpenSSL 1.1.1 then probably you could do something with the
client hello callback:

https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html

Matt

[prev in list] [next in list] [prev in thread] [next in thread]