]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 85fc834) | patch
Disable TLS 1.3 support with mbed TLS
authorMax Fillinger <maximilian.fillinger@foxcrypto.com>
Wed, 15 Nov 2023 15:17:40 +0000 (16:17 +0100)
committerGert Doering <gert@greenie.muc.de>
Wed, 15 Nov 2023 16:12:48 +0000 (17:12 +0100)
commitefad93d049c318a3bd9ea5956c6ac8237b8d6d70
treef58a03ca90c6112a75f3232f51ac9b13a8b20f27tree | snapshot
parent85fc834b0229b87e466b4f60bd2618b2ecd27a5fcommit | diff
Disable TLS 1.3 support with mbed TLS

As of version 3.5.0 the TLS-Exporter function is not yet implemented in
mbed TLS, and the exporter_master_secret is not exposed to the
application either. Falling back to an older PRF when claiming to use
TLS1.3 seems like false advertising.

Change-Id: If4e1c4af9831eb1090ccb3a3c4d3e76b413f0708
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20231115151740.23948-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27453.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
README.mbedtls diff | blob | blame | history
src/openvpn/ssl_mbedtls.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git