diff options
| author | jsing <> | 2018-11-06 01:40:23 +0000 |
|---|---|---|
| committer | jsing <> | 2018-11-06 01:40:23 +0000 |
| commit | 2b4e9fdab1569e84d0592bab45d9ba015701e1a9 (patch) | |
| tree | c5c704026b546c6ad3e4e5b3b5d9bc2949b0b385 /src | |
| parent | b423b78e5d29b2dff67a10e6e305b3d1c725c449 (diff) | |
| download | openbsd-2b4e9fdab1569e84d0592bab45d9ba015701e1a9.tar.gz openbsd-2b4e9fdab1569e84d0592bab45d9ba015701e1a9.tar.bz2 openbsd-2b4e9fdab1569e84d0592bab45d9ba015701e1a9.zip | |
Include TLSv1.3 in version handling code.
This is effectively a no-op, since most of the code clamps to the maximum
version supported by the TLS method (which are still at TLSv1.2).
ok beck@ bluhm@ tb@
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/ssl_versions.c | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c index 240a2498aa..2b5e94e5b8 100644 --- a/src/lib/libssl/ssl_versions.c +++ b/src/lib/libssl/ssl_versions.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: ssl_versions.c,v 1.3 2017/05/06 20:37:25 jsing Exp $ */ | 1 | /* $OpenBSD: ssl_versions.c,v 1.4 2018/11/06 01:40:23 jsing Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> | 3 | * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org> |
| 4 | * | 4 | * |
| @@ -94,7 +94,7 @@ ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) | |||
| 94 | */ | 94 | */ |
| 95 | 95 | ||
| 96 | min_version = 0; | 96 | min_version = 0; |
| 97 | max_version = TLS1_2_VERSION; | 97 | max_version = TLS1_3_VERSION; |
| 98 | 98 | ||
| 99 | if ((s->internal->options & SSL_OP_NO_TLSv1) == 0) | 99 | if ((s->internal->options & SSL_OP_NO_TLSv1) == 0) |
| 100 | min_version = TLS1_VERSION; | 100 | min_version = TLS1_VERSION; |
| @@ -102,7 +102,11 @@ ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) | |||
| 102 | min_version = TLS1_1_VERSION; | 102 | min_version = TLS1_1_VERSION; |
| 103 | else if ((s->internal->options & SSL_OP_NO_TLSv1_2) == 0) | 103 | else if ((s->internal->options & SSL_OP_NO_TLSv1_2) == 0) |
| 104 | min_version = TLS1_2_VERSION; | 104 | min_version = TLS1_2_VERSION; |
| 105 | else if ((s->internal->options & SSL_OP_NO_TLSv1_3) == 0) | ||
| 106 | min_version = TLS1_3_VERSION; | ||
| 105 | 107 | ||
| 108 | if ((s->internal->options & SSL_OP_NO_TLSv1_3) && min_version < TLS1_3_VERSION) | ||
| 109 | max_version = TLS1_2_VERSION; | ||
| 106 | if ((s->internal->options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION) | 110 | if ((s->internal->options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION) |
| 107 | max_version = TLS1_1_VERSION; | 111 | max_version = TLS1_1_VERSION; |
| 108 | if ((s->internal->options & SSL_OP_NO_TLSv1_1) && min_version < TLS1_1_VERSION) | 112 | if ((s->internal->options & SSL_OP_NO_TLSv1_1) && min_version < TLS1_1_VERSION) |
| @@ -171,7 +175,9 @@ ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver) | |||
| 171 | return 0; | 175 | return 0; |
| 172 | } | 176 | } |
| 173 | 177 | ||
| 174 | if (peer_ver >= TLS1_2_VERSION) | 178 | if (peer_ver >= TLS1_3_VERSION) |
| 179 | shared_version = TLS1_3_VERSION; | ||
| 180 | else if (peer_ver >= TLS1_2_VERSION) | ||
| 175 | shared_version = TLS1_2_VERSION; | 181 | shared_version = TLS1_2_VERSION; |
| 176 | else if (peer_ver >= TLS1_1_VERSION) | 182 | else if (peer_ver >= TLS1_1_VERSION) |
| 177 | shared_version = TLS1_1_VERSION; | 183 | shared_version = TLS1_1_VERSION; |