1
votes

I am using openssl-0.9.8e-7.el5.

openssl ciphers -v shows support only for SSLv2 and SSLv3 cipher types.

However, if I test this connection using TLS 1.0, it connects successfully:

    openssl s_client -connect hostname:15000 -tls1

    CONNECTED(00000003)
    SSL handshake has read 2136 bytes and written 413 bytes
    ...
    New, TLSv1/SSLv3, Cipher is AES256-SHA
    Server public key is 2048 bit
    Compression: zlib compression
    Expansion: zlib compression
    SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA

How does it show Protocol is TLSv1 yet OpenSSL itself only supports SSL 3 and 2?

1 Answer

2
votes

SSLv3 cipher suites are usable with protocol versions SSLv3 and up, i.e. also TLS 1.x. The version of the cipher suite only tells you the minimal protocol version.

This also means that if you disable SSLv3 and SSLv2 cipher suites, you effectively disable not only SSLv3 but also TLS 1.0 and TLS 1.1, since new cipher suites were only introduced with TLS 1.2.
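
The rule in the answer above, as an added example that is not part of the original answer: it reads a listing in `openssl ciphers -v` layout, treats the second column as each suite's minimum protocol version, and shows what remains negotiable per protocol before and after the SSLv3-labelled suites are removed. The sample listing is constructed, the function names are hypothetical, and the model covers only SSLv3 through TLS 1.2.

```python
# Protocol versions in ascending order. Column 2 of `openssl ciphers -v`
# is read as the lowest version at which a suite can be negotiated.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]

# Constructed sample in `openssl ciphers -v` layout (not from the asker's host).
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES128-SHA256               TLSv1.2 Kx=RSA  Au=RSA Enc=AES(128)    Mac=SHA256
AES256-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(256)    Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA Enc=3DES(168)   Mac=SHA1
"""


def parse(listing):
    """Return [(suite_name, minimum_protocol)] from `openssl ciphers -v` text."""
    suites = []
    for line in listing.splitlines():
        fields = line.split()
        # Skip blank lines and labels outside the modelled range.
        if len(fields) >= 2 and fields[1] in ORDER:
            suites.append((fields[0], fields[1]))
    return suites


def usable_at(suites, protocol):
    """Suites that can be chosen when the handshake settles on `protocol`."""
    level = ORDER.index(protocol)
    return [name for name, minimum in suites if ORDER.index(minimum) <= level]


def drop_label(suites, label):
    """Model of excluding one label (e.g. '!SSLv3' in a cipher string)."""
    return [(name, minimum) for name, minimum in suites if minimum != label]


def report(suites):
    """Map each protocol version to the suites still negotiable under it."""
    return {protocol: usable_at(suites, protocol) for protocol in ORDER}


if __name__ == "__main__":
    all_suites = parse(SAMPLE)
    for title, suites in (("as listed", all_suites),
                          ("without SSLv3-labelled suites",
                           drop_label(all_suites, "SSLv3"))):
        print(title)
        for protocol, names in report(suites).items():
            print(f"  {protocol:8} {', '.join(names) or '(no usable suite)'}")
```
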