git.ipfire.org Git - thirdparty/openssl.git/commit - CHANGES.md
Avoid errors with a priori inapplicable protocol bounds
author Viktor Dukhovni <openssl-users@dukhovni.org>
Fri, 17 Jul 2020 01:30:43 +0000 (23:30 -0200)
committer Viktor Dukhovni <openssl-users@dukhovni.org>
Tue, 21 Jul 2020 18:40:07 +0000 (16:40 -0200)
commit 77174598920a05826a28d8a0bd87a3af43d3f4d8
tree ed3d423072d3f399e583d1cc7787f1d5490a3e0e
parent 5ac582d949c4f0dbf919c99d59496035a1f7e982
Avoid errors with a priori inapplicable protocol bounds

The 'MinProtocol' and 'MaxProtocol' configuration commands now silently
ignore TLS protocol version bounds when configuring DTLS-based contexts,
and conversely, silently ignore DTLS protocol version bounds when
configuring TLS-based contexts.  The commands can be repeated to set
bounds of both types.  The same applies with the corresponding
"min_protocol" and "max_protocol" command-line switches, in case some
application uses both TLS and DTLS.

SSL_CTX instances that are created for a fixed protocol version (e.g.
TLSv1_server_method()) also silently ignore version bounds.  Previously
attempts to apply bounds to these protocol versions would result in an
error.  Now only the "version-flexible" SSL_CTX instances are subject to
limits in configuration files and command-line options.

Expected to resolve #12394

Reviewed-by: Paul Dale <paul.dale@oracle.com>
GH: #12472
CHANGES.md
doc/man3/SSL_CONF_cmd.pod
doc/man5/config.pod
ssl/ssl_conf.c
ssl/statem/statem_lib.c
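An added example, not part of this commit or of OpenSSL's own files, showing how the repeated MinProtocol commands described in the message look in an openssl.cnf system-default section (the section names are assumed; the config keys are the standard OpenSSL ones):

```ini
# Added example (not from the commit or the OpenSSL source): an openssl.cnf
# fragment that sets version floors for both TLS and DTLS in one section,
# relying on the behaviour this commit describes.  Section names are
# assumptions; the openssl_conf / ssl_conf / system_default keys are the
# standard ones.
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
# Repeated command: each line only applies to contexts of its own family.
# A TLS SSL_CTX takes the TLSv1.2 floor and silently ignores the DTLSv1.2
# line; a DTLS SSL_CTX takes the DTLSv1.2 floor and silently ignores the
# TLSv1.2 line.  Before this change, mixing both in one section was not
# safe for applications that create contexts of both kinds.
MinProtocol = TLSv1.2
MinProtocol = DTLSv1.2
# Contexts created for a fixed version (e.g. TLSv1_server_method()) ignore
# both lines instead of failing to load the configuration.
```

The same pairing applies on the command line with repeated -min_protocol switches, per the message above.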