From: Max Fillinger <maximilian.fillin...@foxcrypto.com> Recent versions of mbedtls have dropped support for TLS 1.0 and 1.1. Rather than checking which versions are supported, drop support for everything before 1.2.
Change-Id: Ia3883a26ac26df6bbb5353fb074a2e0f814737be Signed-off-by: Max Fillinger <maximilian.fillin...@foxcrypto.com> Acked-by: Arne Schwabe <arne-open...@rfc2549.org> --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/682 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Arne Schwabe <arne-open...@rfc2549.org> diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index a68588e..ec9ec13 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1040,12 +1040,8 @@ { #if defined(MBEDTLS_SSL_PROTO_TLS1_2) return TLS_VER_1_2; -#elif defined(MBEDTLS_SSL_PROTO_TLS1_1) - return TLS_VER_1_1; -#elif defined(MBEDTLS_SSL_PROTO_TLS1) - return TLS_VER_1_0; #else /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */ - #error "mbedtls is compiled without support for TLS 1.0, 1.1 and 1.2." + #error "mbedtls is compiled without support for TLS 1.2." #endif /* defined(MBEDTLS_SSL_PROTO_TLS1_2) */ } @@ -1067,20 +1063,6 @@ switch (tls_ver) { -#if defined(MBEDTLS_SSL_PROTO_TLS1) - case TLS_VER_1_0: - *major = MBEDTLS_SSL_MAJOR_VERSION_3; - *minor = MBEDTLS_SSL_MINOR_VERSION_1; - break; -#endif - -#if defined(MBEDTLS_SSL_PROTO_TLS1_1) - case TLS_VER_1_1: - *major = MBEDTLS_SSL_MAJOR_VERSION_3; - *minor = MBEDTLS_SSL_MINOR_VERSION_2; - break; -#endif - #if defined(MBEDTLS_SSL_PROTO_TLS1_2) case TLS_VER_1_2: *major = MBEDTLS_SSL_MAJOR_VERSION_3; _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel