-
|
I am trying to use c++ Botan::TLS with boost::beast, and can not find how to how to Set TLS version for TLS::Stream. I searched the botan headers and found that TLS::Stream uses a fixed latest_tls_version() (aka TLS_V12), but is there a way to set a different version for it with a parameter? |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
I'm not sure if that is possible. @hrantzsch @reneme any ideas? But I am curious what situation you are in that this is required/useful. These days TLS 1.0 and 1.1 are thoroughly obsolete and have a lot of security issues. |
Beta Was this translation helpful? Give feedback.
-
|
That is indeed true. The current implementation of the asio stream will always offer the latest supported version of the library. The stream is meant to be a (more or less) drop-in replacement for Boost's TLS stream implementation based on OpenSSL. Hence, I would like to keep the interface of I suggest to to add a configuration in the Also: Please refer to those repositories, they might give you an easier start: |
Beta Was this translation helpful? Give feedback.
-
Thank you. This is really helpful. As I know very little about cryptography, I will learn it from that botan-tls-stream-example piece by piece. |
Beta Was this translation helpful? Give feedback.
That is indeed true. The current implementation of the asio stream will always offer the latest supported version of the library. The stream is meant to be a (more or less) drop-in replacement for Boost's TLS stream implementation based on OpenSSL. Hence, I would like to keep the interface of
Stream::handshakeandStream::async_handshakestable.I suggest to to add a configuration in the
Contextclass (which already allows setting the SNI and a certificate verification callback) and that is used to instantiate a stream. Simply adding aContext::set_version_to_offer(Protocol_Version)method and acting upon it accordingly in the stream should do the trick.Also: Please refer to those reposi…