The last version of the patch used the TLS1.2 version
tls_ctx_restrict_ciphers to set the restrictions for both
TLS 1.3 and TLS1.2 instead of using tls_ctx_restrict_ciphers_tls13
for TLS1.3.
Also fix minor style problem while I am touching the function
---
src/openvpn/ssl_openssl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
index 6717ded0..da573cfa 100644
--- a/src/openvpn/ssl_openssl.c
+++ b/src/openvpn/ssl_openssl.c
@@ -2002,15 +2002,16 @@ show_available_tls_ciphers_list(const char *cipher_list,
if (tls13)
{
SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
+ tls_ctx_restrict_ciphers_tls13(&tls_ctx, cipher_list);
}
else
#endif
{
SSL_CTX_set_max_proto_version(tls_ctx.ctx, TLS1_2_VERSION);
+ tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
}
tls_ctx_set_cert_profile(&tls_ctx, tls_cert_profile);
- tls_ctx_restrict_ciphers(&tls_ctx, cipher_list);
SSL *ssl = SSL_new(tls_ctx.ctx);
if (!ssl)
@@ -2039,7 +2040,8 @@ show_available_tls_ciphers_list(const char *cipher_list,
else if (NULL == pair)
{
/* No translation found, print warning */
- printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n",
cipher_name);
+ printf("%s (No IANA name known to OpenVPN, use OpenSSL name.)\n",
+ cipher_name);
}
else
{
--
2.19.0
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
