Browse code
Use right function to set TLS1.3 restrictions in show-tls
The last version of the patch used the TLS1.2 version
tls_ctx_restrict_ciphers to set the restrictions for both
TLS 1.3 and TLS1.2 instead of using tls_ctx_restrict_ciphers_tls13
for TLS1.3.
Also fix minor style problem while I am touching the function
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20181011220639.7316-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg17755.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Arne Schwabe authored on 2018/10/12 07:06:39Showing 1 changed files
| ... | ... |
@@ -2002,15 +2002,16 @@ show_available_tls_ciphers_list(const char *cipher_list, |
| 2002 | 2002 |
if (tls13) |
| 2003 | 2003 |
{
|
| 2004 | 2004 |
SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION); |
| 2005 |
+ tls_ctx_restrict_ciphers_tls13(&tls_ctx, cipher_list); |
|
| 2005 | 2006 |
} |
| 2006 | 2007 |
else |
| 2007 | 2008 |
#endif |
| 2008 | 2009 |
{
|
| 2009 | 2010 |
SSL_CTX_set_max_proto_version(tls_ctx.ctx, TLS1_2_VERSION); |
| 2011 |
+ tls_ctx_restrict_ciphers(&tls_ctx, cipher_list); |
|
| 2010 | 2012 |
} |
| 2011 | 2013 |
|
| 2012 | 2014 |
tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile); |
| 2013 |
- tls_ctx_restrict_ciphers(&tls_ctx, cipher_list); |
|
| 2014 | 2015 |
|
| 2015 | 2016 |
SSL *ssl = SSL_new(tls_ctx.ctx); |
| 2016 | 2017 |
if (!ssl) |
| ... | ... |
@@ -2039,7 +2040,8 @@ show_available_tls_ciphers_list(const char *cipher_list, |
| 2039 | 2039 |
else if (NULL == pair) |
| 2040 | 2040 |
{
|
| 2041 | 2041 |
/* No translation found, print warning */ |
| 2042 |
- printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n", cipher_name);
|
|
| 2042 |
+ printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n",
|
|
| 2043 |
+ cipher_name); |
|
| 2043 | 2044 |
} |
| 2044 | 2045 |
else |
| 2045 | 2046 |
{
|