Order of protocols in MinProtocol

Kurt Roeckx kurt at roeckx.be
Sun Jul 12 07:35:04 UTC 2020

On Sun, Jul 12, 2020 at 12:29:43AM -0400, Viktor Dukhovni wrote:
> The main outstanding issue for which I'm authoring a new PR, is that
> each of the above results in SSL_CONF_cmd() returning an error for
> contexts of the other type or for contexts that are for a specific fixed
> version of TLS or DTLS, and perhaps these errors are not ignored and
> cause issues with context initialisation?  The update I'm writing will
> be more forgiving and silently report success when the setting is not
> applicable.

Looking at openconnect's code, it now supports 3 ways:
- DTLSv1_client_method() with DTLS1_BAD_VER.
- DTLS_client_method() with DTLS1_2_VERSION

The first 2 options will overwrite the protocol min and max version,
so whatever is in the config file will not have any effect.


More information about the openssl-users mailing list