]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1aa2995) | patch
Disable TLS 1.3 support with mbed TLS
authorMax Fillinger <maximilian.fillinger@foxcrypto.com>
Wed, 15 Nov 2023 15:17:40 +0000 (16:17 +0100)
committerGert Doering <gert@greenie.muc.de>
Wed, 17 Jan 2024 16:57:53 +0000 (17:57 +0100)
commit7fa534dbb81c7e3d526a2e9110f35d11de26105c
treefba2f4eac488bf319a73acd0a95f6c511e6c2390tree | snapshot
parent1aa2995ebc06a2b8d6df48eb63eb15482fd07865commit | diff
Disable TLS 1.3 support with mbed TLS

As of version 3.5.0 the TLS-Exporter function is not yet implemented in
mbed TLS, and the exporter_master_secret is not exposed to the
application either. Falling back to an older PRF when claiming to use
TLS1.3 seems like false advertising.

Change-Id: If4e1c4af9831eb1090ccb3a3c4d3e76b413f0708
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20231115151740.23948-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27453.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit efad93d049c318a3bd9ea5956c6ac8237b8d6d70)
README.mbedtls diff | blob | blame | history
src/openvpn/ssl_mbedtls.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git