Order of protocols in MinProtocol
Kurt Roeckx
kurt at roeckx.be
Sun Jul 12 07:35:04 UTC 2020
On Sun, Jul 12, 2020 at 12:29:43AM -0400, Viktor Dukhovni wrote:
>
> The main outstanding issue for which I'm authoring a new PR, is that
> each of the above results in SSL_CONF_cmd() returning an error for
> contexts of the other type or for contexts that are for a specific fixed
> version of TLS or DTLS, and perhaps these errors are not ignored and
> cause issues with context initialisation? The update I'm writing will
> be more forgiving and silently report success when the setting is not
> applicable.

Looking at openconnect's code, it now supports 3 ways:

- DTLSv1_client_method() with DTLS1_BAD_VER.
- DTLS_client_method() with DTLS1_2_VERSION.
- A PSK

The first 2 options will overwrite the protocol min and max version,
so whatever is in the config file will not have any effect.

Kurt