Tested with the current openssl master branch for TLS 1.3 support.
mbed TLS has no public builds with TLS 1.3 support yet, so nothing to do
there right now.
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20171126141555.25930-2-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15932.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -528,6 +528,10 @@ tls_version_parse(const char *vstr, const char *extra) |
528 | 528 |
{ |
529 | 529 |
return TLS_VER_1_2; |
530 | 530 |
} |
531 |
+ else if (!strcmp(vstr, "1.3") && TLS_VER_1_3 <= max_version) |
|
532 |
+ { |
|
533 |
+ return TLS_VER_1_3; |
|
534 |
+ } |
|
531 | 535 |
else if (extra && !strcmp(extra, "or-highest")) |
532 | 536 |
{ |
533 | 537 |
return max_version; |
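Review bot: The `TLS_VER_1_3 <= max_version` guard on the new `"1.3"` branch means that a build whose library tops out below TLS 1.3 skips this branch and, when `extra` is `or-highest`, returns `max_version`, so a configuration written as 1.3 resolves to a lower version without any notice in this function. That presumably mirrors the earlier version branches, but nothing in the hunk says so; I would add a comment above the branch such as `/* "1.3" is only accepted if the linked library supports it; otherwise "or-highest" decides */`. The commit message says mbed TLS has no TLS 1.3 builds yet, so those builds would always take this path. tls_version_parse starts and ends outside the hunk, so what it returns for a rejected string without `or-highest` is not visible here.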
... | ... |
@@ -206,7 +206,9 @@ info_callback(INFO_CALLBACK_SSL_CONST SSL *s, int where, int ret) |
206 | 206 |
int |
207 | 207 |
tls_version_max(void) |
208 | 208 |
{ |
209 |
-#if defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2) |
|
209 |
+#if defined(TLS1_3_VERSION) |
|
210 |
+ return TLS_VER_1_3; |
|
211 |
+#elif defined(TLS1_2_VERSION) || defined(SSL_OP_NO_TLSv1_2) |
|
210 | 212 |
return TLS_VER_1_2; |
211 | 213 |
#elif defined(TLS1_1_VERSION) || defined(SSL_OP_NO_TLSv1_1) |
212 | 214 |
return TLS_VER_1_1; |
... | ... |
@@ -231,6 +233,12 @@ openssl_tls_version(int ver) |
231 | 231 |
{ |
232 | 232 |
return TLS1_2_VERSION; |
233 | 233 |
} |
234 |
+#if defined(TLS1_3_VERSION) |
|
235 |
+ else if (ver == TLS_VER_1_3) |
|
236 |
+ { |
|
237 |
+ return TLS1_3_VERSION; |
|
238 |
+ } |
|
239 |
+#endif |
|
234 | 240 |
return 0; |
235 | 241 |
} |
236 | 242 |
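Review bot: In tls_version_max() the new `#if defined(TLS1_3_VERSION)` test only checks that the header defines the constant, not that the library can actually negotiate TLS 1.3. As far as I know, OpenSSL's headers define TLS1_3_VERSION even when the library is configured without TLS 1.3 (which sets OPENSSL_NO_TLS1_3), so such a build would report TLS_VER_1_3 as its maximum and tls_version_parse would then accept "1.3"; how that fails later is not visible on this page. I would tighten the guard to `#if defined(TLS1_3_VERSION) && !defined(OPENSSL_NO_TLS1_3)` and use the same condition around the new `ver == TLS_VER_1_3` branch in openssl_tls_version() so the two stay in step. tls_version_max() continues past its hunk and openssl_tls_version() starts before its hunk.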
|