diff options
| author | jsing <> | 2022-09-11 18:13:30 +0000 |
|---|---|---|
| committer | jsing <> | 2022-09-11 18:13:30 +0000 |
| commit | f09ab23dacefdbeea6947b43abb45f2e5c0e1f71 (patch) | |
| tree | cea35640570e486f5ef7fa8b9d31008bb009694c /src/lib/libssl/ssl_versions.c | |
| parent | 1a27aebc8e7d98572e7f85acc40edf4735e87d92 (diff) | |
| download | openbsd-f09ab23dacefdbeea6947b43abb45f2e5c0e1f71.tar.gz openbsd-f09ab23dacefdbeea6947b43abb45f2e5c0e1f71.tar.bz2 openbsd-f09ab23dacefdbeea6947b43abb45f2e5c0e1f71.zip | |
Enforce the minimum TLS version requirement for QUIC.
ok tb@
Diffstat (limited to '')
| -rw-r--r-- | src/lib/libssl/ssl_versions.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c index 06e26b8059..4a58f14ccd 100644 --- a/src/lib/libssl/ssl_versions.c +++ b/src/lib/libssl/ssl_versions.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_versions.c,v 1.23 2022/06/30 11:17:50 tb Exp $ */ | 1 | /* $OpenBSD: ssl_versions.c,v 1.24 2022/09/11 18:13:30 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -177,6 +177,14 @@ ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) | |||
| 177 | s->internal->min_tls_version, s->internal->max_tls_version)) | 177 | s->internal->min_tls_version, s->internal->max_tls_version)) |
| 178 | return 0; | 178 | return 0; |
| 179 | 179 | ||
| 180 | /* QUIC requires a minimum of TLSv1.3. */ | ||
| 181 | if (SSL_is_quic(s)) { | ||
| 182 | if (max_version < TLS1_3_VERSION) | ||
| 183 | return 0; | ||
| 184 | if (min_version < TLS1_3_VERSION) | ||
| 185 | min_version = TLS1_3_VERSION; | ||
| 186 | } | ||
| 187 | |||
| 180 | if (min_ver != NULL) | 188 | if (min_ver != NULL) |
| 181 | *min_ver = min_version; | 189 | *min_ver = min_version; |
| 182 | if (max_ver != NULL) | 190 | if (max_ver != NULL) |