netopeer2
Need Help to restrict the minimum TLS1.2 for TLS handshake flow
Hi,
I am using the API below to establish a call-home TLS connection with the server.
nc_client_init();
nc_client_tls_ch_set_trusted_ca_paths();
nc_client_tls_ch_set_cert_key_paths();
nc_client_tls_ch_set_crl_paths();
nc_client_tls_ch_add_bind_listen();
nc_accept_callhome();
Sometimes a TLS1.1 and sometimes a TLS1.2 handshake is initiated from the call_home client end. The server side of the TLS connection is restricted to TLS1.2 as the minimum protocol, so when a TLS1.1 hello is sent, the TLS session is not established.
Please let us know what code on the TLS client side can help initiate the TLS handshake with TLS1.2 as the minimum protocol.
Br, Manmohan
What version of OpenSSL are you using? It is a part of TLS handshake to agree on the highest supported TLS version and if both ends support TLS 1.2, they must not use anything else (this requirement is part of the spec, I believe).
OpenSSL version 1.0.2k.
> It is a part of TLS handshake to agree on the highest supported TLS version
This needs to be set in the code where we create the SSL or TLS_CTX, but in the code I can't see that it is set.
Please share your suggestion.
Br, Manmohan
Here is the server code and here the client code, not sure what else we could do.
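
To confirm from a packet capture which version the call-home client really offers, the check below reads client_version from the ClientHello body rather than from the record header, which older clients often set to TLS 1.0 regardless. This is an added example, not code from the thread or from libnetconf2; the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS1_1_VERSION_CODE 0x0302
#define TLS1_2_VERSION_CODE 0x0303 /* also the legacy_version of a TLS 1.3 hello */

/* Return the client_version offered in a ClientHello, or 0 when the buffer
 * is not the start of a TLS handshake record carrying a ClientHello. */
static uint16_t client_hello_version(const uint8_t *buf, size_t len)
{
    /* 5-byte record header + 4-byte handshake header + 2-byte version */
    if (len < 11) return 0;
    if (buf[0] != 0x16) return 0;            /* content type: handshake */
    if (buf[1] != 0x03) return 0;            /* record-layer major version */
    size_t rec_len = ((size_t)buf[3] << 8) | buf[4];
    if (rec_len < 6) return 0;               /* too short to hold the version */
    if (buf[5] != 0x01) return 0;            /* handshake type: ClientHello */
    return (uint16_t)((buf[9] << 8) | buf[10]);
}

/* 1 when the hello would satisfy a server whose floor is TLS 1.2. */
static int meets_tls12_minimum(const uint8_t *buf, size_t len)
{
    return client_hello_version(buf, len) >= TLS1_2_VERSION_CODE;
}

/* Constructed samples: the first 11 bytes of two ClientHello records.
 * Both carry record version 0x0301; only the body version differs. */
static const uint8_t hello_tls11[] = {0x16, 0x03, 0x01, 0x00, 0x60,
                                      0x01, 0x00, 0x00, 0x5c, 0x03, 0x02};
static const uint8_t hello_tls12[] = {0x16, 0x03, 0x01, 0x00, 0x60,
                                      0x01, 0x00, 0x00, 0x5c, 0x03, 0x03};

int main(void)
{
    printf("sample 1: offered 0x%04x, meets TLS1.2 floor: %d\n",
           client_hello_version(hello_tls11, sizeof hello_tls11),
           meets_tls12_minimum(hello_tls11, sizeof hello_tls11));
    printf("sample 2: offered 0x%04x, meets TLS1.2 floor: %d\n",
           client_hello_version(hello_tls12, sizeof hello_tls12),
           meets_tls12_minimum(hello_tls12, sizeof hello_tls12));
    return 0;
}
```

On OpenSSL 1.0.2 a client-side floor is expressed with SSL_CTX_set_options() and the SSL_OP_NO_TLSv1 and SSL_OP_NO_TLSv1_1 flags; SSL_CTX_set_min_proto_version() is available only from OpenSSL 1.1.0.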