From 2b4e9fdab1569e84d0592bab45d9ba015701e1a9 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Tue, 6 Nov 2018 01:40:23 +0000 Subject: Include TLSv1.3 in version handling code. This is effectively a no-op, since most of the code clamps to the maximum version supported by the TLS method (which are still at TLSv1.2). ok beck@ bluhm@ tb@ --- src/lib/libssl/ssl_versions.c | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c index 240a2498aa..2b5e94e5b8 100644 --- a/src/lib/libssl/ssl_versions.c +++ b/src/lib/libssl/ssl_versions.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssl_versions.c,v 1.3 2017/05/06 20:37:25 jsing Exp $ */ +/* $OpenBSD: ssl_versions.c,v 1.4 2018/11/06 01:40:23 jsing Exp $ */ /* * Copyright (c) 2016, 2017 Joel Sing * @@ -94,7 +94,7 @@ ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) */ min_version = 0; - max_version = TLS1_2_VERSION; + max_version = TLS1_3_VERSION; if ((s->internal->options & SSL_OP_NO_TLSv1) == 0) min_version = TLS1_VERSION; @@ -102,7 +102,11 @@ ssl_enabled_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver) min_version = TLS1_1_VERSION; else if ((s->internal->options & SSL_OP_NO_TLSv1_2) == 0) min_version = TLS1_2_VERSION; + else if ((s->internal->options & SSL_OP_NO_TLSv1_3) == 0) + min_version = TLS1_3_VERSION; + if ((s->internal->options & SSL_OP_NO_TLSv1_3) && min_version < TLS1_3_VERSION) + max_version = TLS1_2_VERSION; if ((s->internal->options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION) max_version = TLS1_1_VERSION; if ((s->internal->options & SSL_OP_NO_TLSv1_1) && min_version < TLS1_1_VERSION) @@ -171,7 +175,9 @@ ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver) return 0; } - if (peer_ver >= TLS1_2_VERSION) + if (peer_ver >= TLS1_3_VERSION) + shared_version = TLS1_3_VERSION; + else if (peer_ver >= TLS1_2_VERSION) shared_version = TLS1_2_VERSION; else if (peer_ver >= TLS1_1_VERSION) shared_version = TLS1_1_VERSION; -- cgit v1.2.3-55-g6feb