git.ipfire.org Git - thirdparty/openvpn.git/commit
Set TLS 1.2 as minimum by default
author Antonio Quartulli <a@unstable.cc>
Mon, 13 Sep 2021 19:29:29 +0000 (21:29 +0200)
committer Gert Doering <gert@greenie.muc.de>
Tue, 21 Sep 2021 11:24:26 +0000 (13:24 +0200)
commit 968569f83b1561ea4dff5b8b1f0d7768e2a18e69
tree fc057b453dcaa2142e823037c822782bd0f2d374
parent cdef503b646087f9284b53e01c64988c98879c36
Set TLS 1.2 as minimum by default

Do not accept handshakes with peers trying to negotiate TLS lower than 1.2.

TLS 1.1 and 1.0 are not recommended and therefore we will, by default,
allow TLS 1.2 as minimum version.

The minimum allowed version can still be controlled via
'--tls-version-min'.

At the same time automatically set '--tls-version-min' to 1.0 if the
user requires compatibility with versions older than 2.3.7, as that was
the only version supported back then.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210913192929.26391-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22838.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Changes.rst
doc/man-sections/generic-options.rst
doc/man-sections/tls-options.rst
src/openvpn/options.c
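
An added example, not part of this commit or of the OpenVPN code base: a config audit that works out the minimum TLS version a configuration ends up with under the defaults the commit message describes, and lists configs that still allow TLS below 1.2. It assumes the compatibility request is written with the `compat-mode` option (a name not shown on this page), that an explicit `tls-version-min` takes precedence over it, and it simplifies comment parsing; the sample configs are constructed.

```python
import re

DEFAULT_MIN = (1, 2)       # floor applied when nothing else is configured
LEGACY_MIN = (1, 0)        # floor applied for compatibility older than 2.3.7
COMPAT_CUTOFF = (2, 3, 7)

def _version(text):
    return tuple(int(part) for part in text.split("."))

def effective_tls_min(config_text):
    """Return (minimum TLS version, reason) for one OpenVPN config."""
    explicit = compat = None
    for raw in config_text.splitlines():
        # Simplified comment handling: cut at the first '#' or ';'.
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()
        if len(words) < 2:
            continue
        option = words[0].lstrip("-")
        if option == "tls-version-min":
            explicit = _version(words[1])
        elif option == "compat-mode":   # assumed option name, not on this page
            compat = _version(words[1])
    if explicit is not None:            # assumption: explicit setting wins
        return explicit, "explicit tls-version-min"
    if compat is not None and compat < COMPAT_CUTOFF:
        return LEGACY_MIN, "compatibility older than 2.3.7 requested"
    return DEFAULT_MIN, "default"

def audit(configs):
    """Map config name -> (version, reason) for configs allowing TLS below 1.2."""
    findings = {}
    for name, text in configs.items():
        version, reason = effective_tls_min(text)
        if version < DEFAULT_MIN:
            findings[name] = (version, reason)
    return findings

# Constructed sample configs, for illustration only.
SAMPLES = {
    "default.conf": "client\nremote vpn.example.net 1194\n",
    "pinned.conf": "tls-version-min 1.0  # legacy appliance\n",
    "compat.conf": "compat-mode 2.3.6\n",
    "modern.conf": "compat-mode 2.4.0\ntls-version-min 1.3 or-highest\n",
}

if __name__ == "__main__":
    for name, (version, reason) in sorted(audit(SAMPLES).items()):
        print(f"{name}: TLS {'.'.join(map(str, version))} allowed ({reason})")
```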