Acked-by: Gert Doering <[email protected]>
Verified that v2 is indeed the same as v1, without the init options
hunk. I have stared a the code a bit (looks reasonable) and run the
client side tests (pass).
To test if the compat mode works, I've connected from a client that
was forced with "--tls-version-max 1.0" to be incompatible with TLS 1.2
- connecting to "master with this patch", it fails ("TLS error:
Unsupported protocol"). Setting "--compat-mode 2.3.0" on the server
makes it negotiate TLS 1.0 -> good, does what it says.
I have adjusted the manpage to document that "1.0" is no longer the
default for --tls-version-min.
Your patch has been applied to the master branch.
commit 968569f83b1561ea4dff5b8b1f0d7768e2a18e69.
Author: Antonio Quartulli
Date: Mon Sep 13 21:29:29 2021 +0200
set TLS 1.2 as minimum by default
Signed-off-by: Arne Schwabe <[email protected]>
Signed-off-by: Antonio Quartulli <[email protected]>
Acked-by: Gert Doering <[email protected]>
Message-Id: <[email protected]>
URL:
https://www.mail-archive.com/[email protected]/msg22838.html
Signed-off-by: Gert Doering <[email protected]>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
