git.ipfire.org Git - thirdparty/openvpn.git/commit
Fix the "default" tls-version-min setting
author Selva Nair <selva.nair@gmail.com>
Fri, 15 Oct 2021 04:32:27 +0000 (00:32 -0400)
committer Gert Doering <gert@greenie.muc.de>
Fri, 15 Oct 2021 15:00:10 +0000 (17:00 +0200)
commit 51be733ba236610dff6a1c361cf59172db97473a
tree 82be9b0386d0a633b02df9c4acb29ac06f3577b3
parent dd73b620f2bbb4ad9d3b9d43e5124911e48256f1
Fix the "default" tls-version-min setting

commit 968569f83b1561ea4dff5b8b1f0d7768e2a18e69
defined TLS 1.2 as the minimum version if not set
by user. But the patch introduced two errors:

(i) ssl_flags is overwritten without regard to other
    options set in the flags
(ii) Any tls-version-max set by the user is not taken into
     account.
Makes it impossible to set tls-version-max without also setting
tls-version-min along with loss of other bits set in ssl_flags.

Fix it.

The fix retains the original intent when possible, and tries to
use the maximum possible value when it cannot be set to TLS 1.2
without conflicting with user-specified tls-version-max, if any.

Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20211015043227.10679-1-selva.nair@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22939.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/options.c
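
The two errors named in the commit message, and the behaviour the fix is described as having, shown as an added C example; this is not the OpenVPN patch or code from the project. The bit layout, constant names and function names are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical packed-flags layout (assumed; not OpenVPN's real values). */
#define VER_UNSPEC 0u
#define VER_1_1    2u
#define VER_1_2    3u
#define VER_1_3    4u
#define MIN_SHIFT  6
#define MAX_SHIFT  10
#define VER_MASK   0xFu
#define FLAG_OTHER (1u << 0)   /* stands in for any unrelated option bit */

static unsigned get_min(unsigned f) { return (f >> MIN_SHIFT) & VER_MASK; }
static unsigned get_max(unsigned f) { return (f >> MAX_SHIFT) & VER_MASK; }

/* Behaviour described as broken: plain assignment discards every other
 * bit in the word, including a user-supplied maximum version. */
static unsigned default_min_overwrite(unsigned flags)
{
    if (get_min(flags) == VER_UNSPEC)
        flags = VER_1_2 << MIN_SHIFT;
    return flags;
}

/* Behaviour described for the fix: only the minimum field is touched, and
 * the default drops to the user's maximum when that is below TLS 1.2. */
static unsigned default_min_preserving(unsigned flags)
{
    unsigned max = get_max(flags);
    unsigned min = VER_1_2;

    if (get_min(flags) != VER_UNSPEC)
        return flags;              /* user chose a minimum: leave it alone */
    if (max != VER_UNSPEC && max < VER_1_2)
        min = max;                 /* highest value that does not conflict */
    return flags | (min << MIN_SHIFT);
}

int main(void)
{
    /* Constructed input: user set only a maximum of TLS 1.1 plus one other option. */
    unsigned user = FLAG_OTHER | (VER_1_1 << MAX_SHIFT);
    unsigned bad = default_min_overwrite(user);
    unsigned good = default_min_preserving(user);

    printf("overwrite : min=%u max=%u other=%u\n", get_min(bad), get_max(bad), bad & FLAG_OTHER);
    printf("preserving: min=%u max=%u other=%u\n", get_min(good), get_max(good), good & FLAG_OTHER);
    return 0;
}
```

With the overwriting variant the configured maximum silently disappears, so a deployment that pinned a maximum version ends up negotiating with no upper bound and without its other flag bits.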