Tested with the current openssl master branch for TLS 1.3 support.
mbed TLS has no public builds with TLS 1.3 support yet, so nothing to do
there right now.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <
20171126141555.25930-2-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15932.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit
8ca9eda119638a88863118affd69dfaf8b867c92)
{
return TLS_VER_1_2;
}
+ else if (!strcmp(vstr, "1.3") && TLS_VER_1_3 <= max_version)
+ {
+ return TLS_VER_1_3;
+ }
else if (extra && !strcmp(extra, "or-highest"))
{
return max_version;
#define TLS_VER_1_0 1
#define TLS_VER_1_1 2
#define TLS_VER_1_2 3
+#define TLS_VER_1_3 4
int tls_version_parse(const char *vstr, const char *extra);
/**
int
tls_version_max(void)
{
-#if defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2)
+#if defined(TLS1_3_VERSION)
+ return TLS_VER_1_3;
+#elif defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2)
return TLS_VER_1_2;
#elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1)
return TLS_VER_1_1;
{
return TLS1_2_VERSION;
}
+#if defined(TLS1_3_VERSION)
+ else if (ver == TLS_VER_1_3)
+ {
+ return TLS1_3_VERSION;
+ }
+#endif
return 0;
}
projects / thirdparty / openvpn.git / commitdiff
