mirrors/openvpn
0
0
Fork 0
mirror of https://github.com/OpenVPN/openvpn.git synced 2024-11-23 09:43:45 +08:00
Code Issues Packages Projects Releases Wiki Activity

mbedtls: Warn if --tls-version-min is too low

Browse Source 
Recent versions of mbedtls only support TLS 1.2. When the minimum
version is set to TLS 1.0 or 1.1, log a warning and use 1.2 as the
actual minimum version.

Change-Id: Ibc641388d8016533c94dfef3618376f6dfa91f4e
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Message-Id: <20240703174158.7137-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28865.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
This commit is contained in:
Max Fillinger 2024-07-03 19:41:58 +02:00 committed by Gert Doering
parent 0ea51261d0
commit c535fa7afe
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/openvpn/options.c
View File

@ -8942,6 +8942,15 @@ add_option(struct options *options,
msg(msglevel, "unknown tls-version-min parameter: %s", p[1]);
goto err;
}
#ifdef ENABLE_CRYPTO_MBEDTLS
if (ver < TLS_VER_1_2)
{
msg(M_WARN, "--tls-version-min %s is not supported by mbedtls, using 1.2", p[1]);
ver = TLS_VER_1_2;
}
#endif
options->ssl_flags &=
~(SSLF_TLS_VERSION_MIN_MASK << SSLF_TLS_VERSION_MIN_SHIFT);
options->ssl_flags |= (ver << SSLF_TLS_VERSION_MIN_SHIFT);