4.2.6. RTI TLS Support¶
4.2.6.1. OpenSSL upgrade¶
Release 6.1.0 of TLS Support uses OpenSSL® 1.1.1k. (Release 6.0.0 used OpenSSL 1.0.2o, and Release 6.0.1 used 1.1.1d.) TLS Support 6.1.0 is API-compatible with OpenSSL versions 1.1.0 through 1.1.1k, not with versions earlier than OpenSSL 1.1.0. If you need TLS Support 6.1.0 to run against older versions of OpenSSL, please contact support@rti.com.
For instructions on installing the latest version of OpenSSL, see the RTI TLS Support Installation Guide 6.1.0.
4.2.6.2. Changed OpenSSL static library names¶
The OpenSSL static library names no longer have a “z” suffix. Therefore, when including the static libraries in a makefile, we recommend including the whole path to the OpenSSL static libraries in order to avoid confusion with the dynamic libraries. See: Section 4.2.4.3 for details.
4.2.6.3. tls.cipher.cipher_list property has no effect when using TLS 1.3¶
The property tls.cipher.cipher_list
applies only to TLS 1.2 communication,
which occurs when either of the two communicating DomainParticipants is using a
Connext version older than 6.0.1. When both communicating DomainParticipants
are using Connext 6.0.1 or later, they use TLS 1.3 communication, and the
tls.cipher.cipher_list
property does not apply.
Starting with Connext 6.1.0 two properties are now supported:
tls.cipher.cipher_list
: List of available TLS ciphers when communicating with Connext 6.0.0 or below. See the OpenSSL manual page for SSL_set_cipher_list for more information on the format of this string. Default: NULL
tls.cipher.ciphersuites
: List of available TLS ciphersuites when communicating with Connext 6.0.1 or above. See the OpenSSL manual page for SSL_CTX_set_ciphersuites for more information on the format of this string. Default: NULL
Note that both properties can be set at the same time: in that case, Connext will enforce the applicable property depending on the Connext version of the involved DomainParticipants.