Allow disabling the min and max version

Reviewed-by: Viktor Dukhovni <openssl-users@dukhovni.org>
Kurt Roeckx 2016-01-02 20:06:07 +01:00
parent ca0004e561
commit 869e978c98
3 changed files with 10 additions and 1 deletions


@ -113,7 +113,8 @@ operations are permitted.
Sets the minimum and maximum supported protocol.
Currently supported protocol values are B<SSLv3>, B<TLSv1>,
B<TLSv1.1>, B<TLSv1.2> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS.
B<TLSv1.1>, B<TLSv1.2> for TLS and B<DTLSv1>, B<DTLSv1.2> for DTLS,
and B<None> for no limit.
If the either bound is not specified then only the other bound applies,
if specified.
To restrict the supported protocol versions use these commands rather
@ -275,6 +276,7 @@ This sets the minimum supported SSL, TLS or DTLS version.
Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
The value B<None> will disable the limit.
=item B<MaxProtocol>
@ -282,6 +284,7 @@ This sets the maximum supported SSL, TLS or DTLS version.
Currently supported protocol values are B<SSLv3>, B<TLSv1>, B<TLSv1.1>,
B<TLSv1.2>, B<DTLSv1> and B<DTLSv1.2>.
The value B<None> will disable the limit.
=item B<Protocol>


@ -332,6 +332,7 @@ static int protocol_from_string(const char *value)
int version;
};
static const struct protocol_versions versions[] = {
{"None", 0},
{"SSLv3", SSL3_VERSION},
{"TLSv1", TLS1_VERSION},
{"TLSv1.1", TLS1_1_VERSION},
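Review bot: `{"None", 0}` makes 0 the value protocol_from_string() hands back for "no limit", but nothing at the table says that 0 is a sentinel rather than a protocol number; add `{"None", 0}, /* 0 = no bound, see ssl_set_version_bound() */` so the next reader does not take it for a missing version constant. From this hunk alone I cannot see what the lookup returns when the name is not in the table, so it is worth confirming that the not-found result is distinct from 0, otherwise an unrecognised string and `None` would become indistinguishable to the caller. The match is presumably a verbatim string comparison, so only the spelling `None` documented in the pod change is accepted. protocol_from_string() starts before this hunk and its lookup loop lies outside it.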


@ -834,6 +834,11 @@ int ssl_check_version_downgrade(SSL *s)
*/
int ssl_set_version_bound(int method_version, int version, int *bound)
{
if (version == 0) {
*bound = version;
return 1;
}
/*-
* Restrict TLS methods to TLS protocol versions.
* Restrict DTLS methods to DTLS protocol versions.
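Review bot: The new `if (version == 0)` early return clears the bound before the TLS/DTLS method restrictions that follow it, so a configured `MinProtocol None` lowers the effective floor to whatever versions the build still includes (the documentation lists SSLv3 as the lowest); that appears intended, but the function's header comment, which ends at the `*/` just above the hunk, should state it, e.g. `A version of 0 clears the bound; no range or method-family check is applied to it.` Inside the branch `*bound = version;` reads more clearly as `*bound = 0;`, since version is known to be zero at that point. ssl_set_version_bound() continues past the end of this hunk.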