Allow disabling the min and max version
Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
This commit is contained in:
parent
ca0004e561
commit
869e978c98
3 changed files with 10 additions and 1 deletions
|
@ -113,7 +113,8 @@ operations are permitted.
|
|||
|
||||
Sets the minimum and maximum supported protocol.
|
||||
Currently supported protocol values are B<SSLv3>, B<TLSv1>,
|
||||
B<TLSv1.1>, B<TLSv1.2> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS.
|
||||
B<TLSv1.1>, B<TLSv1.2> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS,
|
||||
and B<None> for no limit.
|
||||
If the either bound is not specified then only the other bound applies,
|
||||
if specified.
|
||||
To restrict the supported protocol versions use these commands rather
|
||||
|
@ -275,6 +276,7 @@ This sets the minimum supported SSL, TLS or DTLS version.
|
|||
|
||||
Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
|
||||
B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
|
||||
The value B<None> will disable the limit.
|
||||
|
||||
=item B<MaxProtocol>
|
||||
|
||||
|
@ -282,6 +284,7 @@ This sets the maximum supported SSL, TLS or DTLS version.
|
|||
|
||||
Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
|
||||
B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
|
||||
The value B<None> will disable the limit.
|
||||
|
||||
=item B<Protocol>
|
||||
|
||||
|
|
|
@ -332,6 +332,7 @@ static int protocol_from_string(const char *value)
|
|||
int version;
|
||||
};
|
||||
static const struct protocol_versions versions[] = {
|
||||
{"None", 0},
|
||||
{"SSLv3", SSL3_VERSION},
|
||||
{"TLSv1", TLS1_VERSION},
|
||||
{"TLSv1.1", TLS1_1_VERSION},
|
||||
|
|
|
@ -834,6 +834,11 @@ int ssl_check_version_downgrade(SSL *s)
|
|||
*/
|
||||
int ssl_set_version_bound(int method_version, int version, int *bound)
|
||||
{
|
||||
if (version == 0) {
|
||||
*bound = version;
|
||||
return 1;
|
||||
}
|
||||
|
||||
/*-
|
||||
* Restrict TLS methods to TLS protocol versions.
|
||||
* Restrict DTLS methods to DTLS protocol versions.
|
||||
|
|
Loading…
Reference in a new issue