float mintls = 1.2; /* minimum TLS version allowed */ float maxtls; /* maximum TLS version allowed */
Floats? The API to OpenSSL doesn't work in floats. We'll have to translate those to something useful. I'd like to push that back to ntp_config. >From /usr/include/openssl/tls1.h # define TLS1_VERSION 0x0301 # define TLS1_1_VERSION 0x0302 # define TLS1_2_VERSION 0x0303 # define TLS1_3_VERSION 0x0304 # define TLS_MAX_VERSION TLS1_3_VERSION We should initialize those slots to TLS1_2_VERSION and TLS_MAX_VERSION Assuming the NTS-KE server is packaged with ntpd, it will also use those version limits. We can also test by running on recen Fedora which supports 1.3 and Debian or older Fedora which only support 1.2. -- These are my opinions. I hate spam. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
