Browse code
Add support for TLS 1.3 in --tls-version-{min, max}
Tested with the current openssl master branch for TLS 1.3 support.
mbed TLS has no public builds with TLS 1.3 support yet, so nothing to do
there right now.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20171126141555.25930-2-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15932.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Steffan Karger authored on 2017/11/26 23:15:54Showing 3 changed files
| ... | ... |
@@ -528,6 +528,10 @@ tls_version_parse(const char *vstr, const char *extra) |
| 528 | 528 |
{
|
| 529 | 529 |
return TLS_VER_1_2; |
| 530 | 530 |
} |
| 531 |
+ else if (!strcmp(vstr, "1.3") && TLS_VER_1_3 <= max_version) |
|
| 532 |
+ {
|
|
| 533 |
+ return TLS_VER_1_3; |
|
| 534 |
+ } |
|
| 531 | 535 |
else if (extra && !strcmp(extra, "or-highest")) |
| 532 | 536 |
{
|
| 533 | 537 |
return max_version; |
| ... | ... |
@@ -206,7 +206,9 @@ info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret) |
| 206 | 206 |
int |
| 207 | 207 |
tls_version_max(void) |
| 208 | 208 |
{
|
| 209 |
-#if defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2) |
|
| 209 |
+#if defined(TLS1_3_VERSION) |
|
| 210 |
+ return TLS_VER_1_3; |
|
| 211 |
+#elif defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2) |
|
| 210 | 212 |
return TLS_VER_1_2; |
| 211 | 213 |
#elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1) |
| 212 | 214 |
return TLS_VER_1_1; |
| ... | ... |
@@ -231,6 +233,12 @@ openssl_tls_version(int ver) |
| 231 | 231 |
{
|
| 232 | 232 |
return TLS1_2_VERSION; |
| 233 | 233 |
} |
| 234 |
+#if defined(TLS1_3_VERSION) |
|
| 235 |
+ else if (ver == TLS_VER_1_3) |
|
| 236 |
+ {
|
|
| 237 |
+ return TLS1_3_VERSION; |
|
| 238 |
+ } |
|
| 239 |
+#endif |
|
| 234 | 240 |
return 0; |
| 235 | 241 |
} |
| 236 | 242 |
|