author: Theo Buehler <tb@cvs.openbsd.org> 2024-08-02 15:00:02 +0000
committer: Theo Buehler <tb@cvs.openbsd.org> 2024-08-02 15:00:02 +0000
commit: 9c100d81aa6497eeb01544d489c873dbf5c179aa
tree: 72eee15e9ea48a6b5aed41c9054c11b17733cf9f /etc
parent: 94591bca44504b3e729d3d60ff4d6c0c373a37c0

libtls: fix legacy protocol parsing

Redefining TLS_PROTOCOL_TLSv1_0 and TLS_PROTOCOL_TLSv1_1 to be the same as TLS_PROTOCOL_TLSv1_2 had undesired side effects, as witnessed in the accompanying regress tests.

The protocol string all:tlsv1.0 would disable TLSv1.2 (so only enable TLSv1.3) and tlsv1.2:!tlsv1.1 would disable all protocols.

It makes more sense to ignore any setting of TLSv1.0 and TLSv1.1, so if you request 'tlsv1.1' you get no protocol, but 'all:!tlsv1.1' will enable the two supported protocols TLSv1.3 and TLSv1.2.

Restore the defines to their original values and adjust the parsing code to set/unset them.

Issue reported by Kenjiro Nakayama

Fixes https://github.com/libressl/openbsd/issues/151

with/ok jsing

Diffstat (limited to 'etc')
0 files changed, 0 insertions, 0 deletions
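
The bitmask effect the commit message describes, as an added example that is not libtls code: a simplified model parser in which the bit values, `token_bits` and `parse_protocols` are constructed for illustration. It covers the `tlsv1.2:!tlsv1.1`, `all:!tlsv1.1` and `tlsv1.1` strings, with `aliased` selecting the redefined or the restored legacy values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed bit values for this model; not copied from the libtls headers. */
#define P10 (1u << 1)
#define P11 (1u << 2)
#define P12 (1u << 3)
#define P13 (1u << 4)
#define SUPPORTED (P12 | P13)
#define PARSE_ERROR UINT32_MAX

/* aliased != 0 models the redefinition: legacy names share the TLSv1.2 bit. */
static uint32_t token_bits(const char *t, size_t n, int aliased)
{
    if (n == 3 && memcmp(t, "all", 3) == 0)
        return aliased ? SUPPORTED : (P10 | P11 | P12 | P13);
    if (n != 7 || memcmp(t, "tlsv1.", 6) != 0)
        return 0;
    switch (t[6]) {
    case '0': return aliased ? P12 : P10;
    case '1': return aliased ? P12 : P11;
    case '2': return P12;
    case '3': return P13;
    }
    return 0;
}

/* Returns the enabled supported protocols (legacy bits are parsed but never
 * enabled), or PARSE_ERROR on an unknown or empty token. */
uint32_t parse_protocols(const char *s, int aliased)
{
    uint32_t protos = 0;
    for (;;) {
        int negate = (*s == '!');
        if (negate) s++;
        size_t n = strcspn(s, ",:");
        uint32_t bits = token_bits(s, n, aliased);
        if (bits == 0) return PARSE_ERROR;
        protos = negate ? (protos & ~bits) : (protos | bits);
        if (s[n] == '\0') break;
        s += n + 1;
    }
    return protos & SUPPORTED;
}

int main(void)
{
    printf("aliased: %#x\n", (unsigned)parse_protocols("tlsv1.2:!tlsv1.1", 1));
    printf("distinct: %#x\n", (unsigned)parse_protocols("tlsv1.2:!tlsv1.1", 0));
    return 0;
}
```

With shared bits, negating a legacy name clears the TLSv1.2 bit as well; with distinct bits the negation touches only the legacy bit, which the final mask drops anyway.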