package async_ssl

  1. Overview
  2. Docs

The protocol and security level that libopenssl uses.

type t =
  1. | Sslv23
  2. | Tls
  3. | Sslv3
  4. | Tlsv1
  5. | Tlsv1_1
  6. | Tlsv1_2
  7. | Tlsv1_3

Best practice: Leave this at the default of Tls to allow negotiation, and use an option list (Opt.t list) when calling Ssl.server or Ssl.client to disable undesired versions of SSL/TLS. See opt.mli for more details.

The current defaults for Version and Opt will enable only TLSv1.2.

Tls allows negotiation, whereas the other options (besides the deprecated Sslv23) limit the connection to a single protocol version. See SSL_CTX_new(3) for more details. (If you are on CentOS 6, you should probably use https://www.openssl.org/docs/man1.0.1/ssl/SSL_CTX_new.html instead of the system manual pages--they appear out-of-date.)

SSLv2 was banned by RFC 6176 which contains a dire list of its shortcomings.

Older versions of OpenSSL do not support Tlsv1_1 and Tlsv1_2. You will be able to link with such a version, but will get an error about an undefined symbol at runtime if you try using the unsupported version.

include Sexplib0.Sexpable.S with type t := t
val t_of_sexp : Sexplib0.Sexp.t -> t
val sexp_of_t : t -> Sexplib0.Sexp.t
include Ppx_compare_lib.Comparable.S with type t := t
val compare : t -> t -> int
val default : t
OCaml

Innovation. Community. Security.