diff options
author | Theo Buehler <tb@cvs.openbsd.org> | 2024-08-02 15:00:02 +0000 |
---|---|---|
committer | Theo Buehler <tb@cvs.openbsd.org> | 2024-08-02 15:00:02 +0000 |
commit | 9c100d81aa6497eeb01544d489c873dbf5c179aa (patch) | |
tree | 72eee15e9ea48a6b5aed41c9054c11b17733cf9f /etc | |
parent | 94591bca44504b3e729d3d60ff4d6c0c373a37c0 (diff) |
libtls: fix legacy protocol parsing
Redefining TLS_PROTOCOL_TLSv1_0 and TLS_PROTOCOL_TLSv1_1 to be the same
as TLS_PROTOCOL_TLSv1_2 had undesired side effects, as witnessed in the
accompanying regress tests. The protocol string all:tlsv1.0 would disable
TLSv1.2 (so only enable TLSv1.3) and tlsv1.2:!tlsv1.1 would disable all
protocols.
It makes more sense to ignore any setting of TLSv1.0 and TLSv1.1, so if
you request 'tlsv1.1' you get no protocol, but 'all:!tlsv1.1' will enable
the two supported protocols TLSv1.3 and TLSv1.2.
Restore the defines to their original values and adjust the parsing code
to set/unset them.
Issue reported by Kenjiro Nakayama
Fixes https://github.com/libressl/openbsd/issues/151
with/ok jsing
Diffstat (limited to 'etc')
0 files changed, 0 insertions, 0 deletions