2.2.6. RTI TLS Support OpenSSL upgrade

Release 6.1.0 of TLS Support uses OpenSSL® 1.1.1k. (Release 6.0.0 used OpenSSL 1.0.2o, and Release 6.0.1 used 1.1.1d.) TLS Support 6.1.0 is API-compatible with OpenSSL versions 1.1.0 through 1.1.1k, not with versions earlier than OpenSSL 1.1.0. If you need TLS Support 6.1.0 to run against older versions of OpenSSL, please contact support@rti.com.

For instructions on installing the latest version of OpenSSL, see the RTI TLS Support Installation Guide 6.1.0. Changed OpenSSL static library names

The OpenSSL static library names no longer have a “z” suffix. Therefore, when including the static libraries in a makefile, we recommend including the whole path to the OpenSSL static libraries in order to avoid confusion with the dynamic libraries. See: Section for details. tls.cipher.cipher_list property has no effect when using TLS 1.3

The property tls.cipher.cipher_list applies only to TLS 1.2 communication, which occurs when either of the two communicating DomainParticipants is using a Connext DDS version older than 6.0.1. When both communicating DomainParticipants are using Connext DDS 6.0.1 or later, they use TLS 1.3 communication, and the tls.cipher.cipher_list property does not apply.

Starting with Connext DDS 6.1.0 two properties are now supported:

  • tls.cipher.cipher_list: List of available TLS ciphers when communicating with Connext DDS 6.0.0 or below. See the OpenSSL manual page for SSL_set_cipher_list for more information on the format of this string. Default: NULL

  • tls.cipher.ciphersuites: List of available TLS ciphersuites when communicating with Connext DDS 6.0.1 or above. See the OpenSSL manual page for SSL_CTX_set_ciphersuites for more information on the format of this string. Default: NULL

Note that both properties can be set at the same time: in that case, Connext DDS will enforce the applicable property depending on the Connext DDS version of the involved DomainParticipants.