3.2.6. RTI TLS Support

3.2.6.1. OpenSSL upgrade

Release 6.1.0 of TLS Support uses OpenSSL® 1.1.1k. (Release 6.0.0 used OpenSSL 1.0.2o, and Release 6.0.1 used 1.1.1d.) TLS Support 6.1.0 is API-compatible with OpenSSL versions 1.1.0 through 1.1.1k, not with versions earlier than OpenSSL 1.1.0. If you need TLS Support 6.1.0 to run against older versions of OpenSSL, please contact support@rti.com.

For instructions on installing the latest version of OpenSSL, see the RTI TLS Support Installation Guide 6.1.0.

3.2.6.2. Changed OpenSSL static library names

The OpenSSL static library names no longer have a “z” suffix. Therefore, when including the static libraries in a makefile, we recommend specifying the full path to the OpenSSL static libraries to avoid confusion with the dynamic libraries. See Section 3.2.4.3 for details.

3.2.6.3. tls.cipher.cipher_list property has no effect when using TLS 1.3

The property tls.cipher.cipher_list applies only to TLS 1.2 communication, which occurs when either of the two communicating DomainParticipants is using a Connext DDS version older than 6.0.1. When both communicating DomainParticipants are using Connext DDS 6.0.1 or later, they use TLS 1.3 communication, and the tls.cipher.cipher_list property does not apply.

Starting with Connext DDS 6.1.0, two properties are supported:

  • tls.cipher.cipher_list: List of available TLS ciphers when communicating with Connext DDS 6.0.0 or below. See the OpenSSL manual page for SSL_set_cipher_list for more information on the format of this string. Default: NULL

  • tls.cipher.ciphersuites: List of available TLS ciphersuites when communicating with Connext DDS 6.0.1 or above. See the OpenSSL manual page for SSL_CTX_set_ciphersuites for more information on the format of this string. Default: NULL

Note that both properties can be set at the same time: in that case, Connext DDS will enforce the applicable property depending on the Connext DDS version of the involved DomainParticipants.
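The following added example (not RTI code) lints a set of property values for the mistake this section warns about: restricting ciphers through only one of the two properties, or putting names in the wrong one. The function name `lint_cipher_properties` and the sample values are constructed for illustration; the TLS 1.3 names are the ciphersuite names OpenSSL 1.1.1 accepts in SSL_CTX_set_ciphersuites.

```python
import re

# TLS 1.3 ciphersuite names as spelled by OpenSSL 1.1.1.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256", "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}

def lint_cipher_properties(props):
    """Return findings for a dict of property name -> value (None = unset)."""
    findings = []
    cipher_list = props.get("tls.cipher.cipher_list")
    ciphersuites = props.get("tls.cipher.ciphersuites")

    if cipher_list:
        # SSL_set_cipher_list format: entries separated by ':', ',' or space,
        # each optionally prefixed with '!', '-' or '+'.
        for item in re.split(r"[:, ]+", cipher_list.strip()):
            name = item.lstrip("!-+")
            if name in TLS13_SUITES:
                findings.append(f"cipher_list: {name} is a TLS 1.3 ciphersuite; "
                                "set it in tls.cipher.ciphersuites instead")
    if ciphersuites:
        # SSL_CTX_set_ciphersuites format: plain ':'-separated TLS 1.3 names.
        for name in ciphersuites.strip().split(":"):
            if name not in TLS13_SUITES:
                findings.append(f"ciphersuites: {name!r} is not a TLS 1.3 "
                                "ciphersuite name")
    if cipher_list and not ciphersuites:
        findings.append("only cipher_list is set: it does not apply to TLS 1.3 "
                        "sessions between 6.0.1-or-later DomainParticipants")
    if ciphersuites and not cipher_list:
        findings.append("only ciphersuites is set: it does not apply to TLS 1.2 "
                        "sessions with older DomainParticipants")
    return findings

if __name__ == "__main__":
    # Constructed sample: a TLS 1.3 name misplaced in the TLS 1.2 list.
    sample = {
        "tls.cipher.cipher_list":
            "ECDHE-RSA-AES256-GCM-SHA384:!aNULL:TLS_AES_256_GCM_SHA384",
        "tls.cipher.ciphersuites": None,
    }
    for finding in lint_cipher_properties(sample):
        print(finding)
```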