nudzo

Reputation: 18574

Can I manage TLS version negotiation of OpenSSL 1.0+ by ENV variable or config? I want to force exactly TLSv1

Can I force SSLv3 or TLSv1 for any program using OpenSSL by setting an ENV variable or the openssl.cnf config file? I found that my OpenSSL 1.0.1c version starts by negotiating TLSv1.2 first, and that causes me problems connecting to a specific API (namely the Shopify API). It fails with an SSL protocol error.

That problem is common to any SW linked against my OpenSSL 1.0.1c; versions <1.0 work well, in my case the OSX-bundled 0.9.8r. I also found that Ubuntu's 1.0.1c is OK... that's overwhelming.

A test:

curl https://ApiKey:[email protected]/admin/customers.json

Fails exactly after 1 min with "Unknown SSL protocol error".

curl -1 https://ApiKey:[email protected]/admin/customers.json

Passes immediately OK.

So the default negotiation doesn't work OK. I need to force SSLv3 or TLSv1 (not TLSv1.1+), but I'm not going to rewrite every library or util.

I'm going to use Python, and at present I can communicate only by using PyCURL and forcing SSLv3 or TLSv1. I can't use the original ShopifyAPI library because of that SSL default negotiation issue.

Upvotes: 2

Views: 1145

Answers (2)

ziima

Reputation: 816

As far as I know, you can't. You have to pass the option to the curl calls or make a utility which will do it for you.

Upvotes: 0
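For the Python client mentioned in the question, a per-connection utility of the kind this answer suggests can be built on the standard `ssl` module. This is an added example, not part of the original answer. It assumes Python 3.7+, the names `pinned_context`, `pinned_opener` and `pinnable_versions` are hypothetical, and it defaults to TLSv1.2 because many current OpenSSL builds refuse to pin TLSv1.

```python
import ssl
import urllib.request
import warnings


def pinned_context(version=ssl.TLSVersion.TLSv1_2):
    """Client context that offers exactly one protocol version."""
    # create_default_context() keeps certificate and hostname checks enabled.
    ctx = ssl.create_default_context()
    # Set the floor first so that a low pin is not rejected as max < min.
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def pinned_opener(version=ssl.TLSVersion.TLSv1_2):
    """urllib opener whose HTTPS connections use the pinned context."""
    handler = urllib.request.HTTPSHandler(context=pinned_context(version))
    return urllib.request.build_opener(handler)


def pinnable_versions():
    """Report which versions the local OpenSSL build accepts as a pin."""
    result = {}
    for version in (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1,
                    ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        try:
            with warnings.catch_warnings():
                # Newer Pythons warn that TLSv1 and TLSv1.1 are deprecated.
                warnings.simplefilter("ignore", DeprecationWarning)
                pinned_context(version)
            result[version.name] = True
        except (ValueError, ssl.SSLError):
            # Raised when the build or its policy rejects the version.
            result[version.name] = False
    return result


if __name__ == "__main__":
    # No network traffic here: only local capability is inspected.
    for name, accepted in pinnable_versions().items():
        print(f"{name}: {'accepted' if accepted else 'refused'}")
```

Pinning this way affects only connections made through the returned context or opener; other programs linked against the same OpenSSL keep their default negotiation.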

George

Reputation: 5086

Looks like the connection needs to use --sslv3 to work correctly; see this other SO post for more detail: "Can I change a date on shopify blog using api?"

Upvotes: 1
