[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-users
Subject: Re: Something like SSL_CTX_set_alpn_select_cb for ciphers and ssl/tls protocol version
From: Matt Caswell <matt () openssl ! org>
Date: 2019-06-18 10:04:26
Message-ID: 1d247933-c138-9c8c-299d-869ec2d82218 () openssl ! org
[Download RAW message or body]
On 18/06/2019 10:13, Alexander Gryanko wrote:
> Hello,
>
> I'm looking for the way to do something like SSL_CTX_set_alpn_select_cb but for
> ciphers and ssl/tls protocol version. As I see ssl_choose_server_version and
> ssl3_choose_cipher has no any callbacks in tls_early_post_process_client_hello.
> Is there any way to disable protocols for some cases? Something like A/B testing
> with 50% of traffic with enabled Chacha20 and 50% of traffic with disabled.
If you are using OpenSSL 1.1.1 then probably you could do something with the
client hello callback:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_client_hello_cb.html
Matt
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic