On Thu, 1 Dec 2016, Quanah Gibson-Mount wrote: ...
> There is not, as far as I know, any way to fine tune things beyond this (i.e., accept TLS 1.1 and TLS 1.3, but not TLS 1.2).
Right, because the on-the-wire protocol itself just carries a single version number, so if a client only supports a discontiguous set of versions then negotiation can fail despite there being a common supported version. Indeed, recent enough releases of OpenSSL automatically prevent that on the client side:

    /*
     * SSL_OP_NO_X disables all protocols above X *if* there are
     * some protocols below X enabled. This is required in order
     * to maintain "version capability" vector contiguous. So
     * that if application wants to disable TLS1.0 in favour of
     * TLS1>=1, it would be insufficient to pass SSL_NO_TLSv1, the
     * answer is SSL_OP_NO_TLSv1|SSL_OP_NO_SSLv3|SSL_OP_NO_SSLv2.
     */
And now in OpenSSL 1.1.0 the use of the SSL_OP_NO_TLSv1* options is deprecated in favor of new SSL_CTX_set_{min,max}_proto_version() APIs, making it impossible at the API level to specify discontiguous sets of versions.
Philip Guenther
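An added illustration of the two points made in the thread above (the single-version negotiation and the contiguity rule in the quoted comment). This is a constructed C model written for this page, not code from the thread or from OpenSSL: the version bit flags, the `apply_no_options` and `proto_range` helpers, and the `negotiate` routine are all assumptions that mimic the described behaviour for the SSLv3..TLS 1.3 range (SSLv2 is left out for brevity), and the negotiation step is the pre-TLS-1.3 "client advertises its highest version, server picks the highest it supports at or below that" scheme the message refers to.

```c
#include <stdbool.h>
#include <stdio.h>

/* Protocol versions as bit flags, lowest version = lowest bit.
 * Constructed for this model; these are NOT OpenSSL's option values. */
enum {
    V_SSL3  = 1u << 0,
    V_TLS10 = 1u << 1,
    V_TLS11 = 1u << 2,
    V_TLS12 = 1u << 3,
    V_TLS13 = 1u << 4,
    V_COUNT = 5,
    V_ALL   = (1u << V_COUNT) - 1
};

/* True when the enabled versions form one unbroken run (no holes). */
bool is_contiguous(unsigned mask) {
    if (mask == 0)
        return false;
    while (!(mask & 1u))
        mask >>= 1;
    return (mask & (mask + 1)) == 0;
}

/* Model of the SSL_OP_NO_X semantics from the quoted comment: disabling X
 * also clears every version above X whenever something below X stays
 * enabled, so the result can never be discontiguous. */
unsigned apply_no_options(unsigned enabled, unsigned no_mask) {
    for (int i = 0; i < V_COUNT; i++) {
        unsigned bit = 1u << i;
        if (!(no_mask & bit))
            continue;
        unsigned below = enabled & (bit - 1);
        enabled &= ~bit;
        if (below)
            enabled &= (bit - 1);   /* drop everything above X as well */
    }
    return enabled;
}

/* Model of the min/max API: a [min,max] range is contiguous by construction. */
unsigned proto_range(unsigned min_bit, unsigned max_bit) {
    unsigned mask = 0;
    for (unsigned b = min_bit; b <= max_bit; b <<= 1)
        mask |= b;
    return mask;
}

static unsigned highest_bit(unsigned mask) {
    unsigned hb = 0;
    for (int i = 0; i < V_COUNT; i++)
        if (mask & (1u << i))
            hb = 1u << i;
    return hb;
}

/* Single-version-number negotiation: the client offers only its highest
 * version, the server answers with the highest it supports at or below
 * that, and the handshake fails if the client cannot speak the answer.
 * Returns the agreed version bit, or 0 on failure. */
unsigned negotiate(unsigned client, unsigned server) {
    unsigned offered = highest_bit(client);
    if (!offered)
        return 0;
    unsigned chosen = highest_bit(server & ((offered << 1) - 1));
    if (!chosen)
        return 0;
    return (client & chosen) ? chosen : 0;
}

int main(void) {
    unsigned server = V_TLS11 | V_TLS12;

    /* Quanah's wish: TLS 1.1 and 1.3 but not 1.2. Both sides share 1.1,
     * yet the server answers 1.2 and the client rejects it. */
    unsigned holey = V_TLS11 | V_TLS13;
    printf("discontiguous client: contiguous=%d agreed=0x%x\n",
           is_contiguous(holey), negotiate(holey, server));

    /* With the SSL_OP_NO_X rule, "no TLS 1.2" also drops 1.3, so the
     * client offers 1.1 and the handshake succeeds. */
    unsigned fixed = apply_no_options(V_ALL, V_TLS12);
    printf("after SSL_OP_NO_TLSv1_2: contiguous=%d agreed=0x%x\n",
           is_contiguous(fixed), negotiate(fixed, server));

    /* The min/max style cannot express a hole at all. */
    unsigned ranged = proto_range(V_TLS11, V_TLS13);
    printf("min/max range: contiguous=%d agreed=0x%x\n",
           is_contiguous(ranged), negotiate(ranged, server));
    return 0;
}
```

The first scenario is the failure the reply describes: a shared version exists, but the wire format lets the client name only one number, so the server's counter-offer lands in the hole. The second shows why the contiguity rule exists, and the third why a min/max interface removes the question entirely.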