Am 12.10.18 um 12:38 schrieb David Sommerseth:
> On 12/10/18 00:06, Arne Schwabe wrote:
>> The last version of the patch used the TLS1.2 version
>> tls_ctx_restrict_ciphers to set the restrictions for both
>> TLS 1.3 and TLS1.2 instead of using tls_ctx_restrict_ciphers_tls13
>> for TLS1.3.
>>
>> Also fix minor style problem while I am touching the function
>> ---
>> src/openvpn/ssl_openssl.c | 6 ++++--
>> 1 file changed, 4 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/openvpn/ssl_openssl.c b/src/openvpn/ssl_openssl.c
>> index 6717ded0..da573cfa 100644
>> --- a/src/openvpn/ssl_openssl.c
>> +++ b/src/openvpn/ssl_openssl.c
>> @@ -2002,15 +2002,16 @@ show_available_tls_ciphers_list(const char
>> *cipher_list,
>> if (tls13)
>> {
>> SSL_CTX_set_min_proto_version(tls_ctx.ctx, TLS1_3_VERSION);
>> + tls_ctx_restrict_ciphers_tls13(&tls_ctx, cipher_list);
>
> Isn't this function only available in OpenSSL 1.1.1 and newer? Or am I
> missing a fine detail here?
>It is and it is a block ifdef'ed by OpenSSL version. Arne
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
